# bredge-trezorta.pages.dev — MALICIOUS

> bredge-trezorta.pages.dev is a Trezor brand impersonation crypto-drainer site flagged by 10/95 VirusTotal security tools. Avoid entering wallet credentials.

## Summary
PhishDestroy identifies the domain bredge-trezorta.pages.dev as an active brand-impersonation threat targeting Trezor wallet users. Security telemetry confirms this site masquerades as the official Trezor brand to deceive visitors into connecting cryptocurrency wallets or submitting recovery phrases. No evidence suggests a custom drainer kit; instead, the page likely leverages open-source drainer scripts hosted on Cloudflare Pages with a Trezor-themed interface designed to harvest private keys or initiate unauthorized transfers. The infrastructure is provisioned via Cloudflare Pages, allowing rapid deployment and cloaking behind Cloudflare’s proxy (172.66.47.117), which complicates takedown efforts and hides the origin server.  This domain was flagged by 10 out of 95 VirusTotal security vendors and resolves to IP 172.66.47.117 through Cloudflare, Inc. The site operates under a Google Trust Services SSL certificate, increasing its perceived legitimacy. While the exact registration date remains obscured by Cloudflare’s privacy protections, the domain is currently active and hosted on Cloudflare Pages. It has not been flagged by Google Safe Browsing (GSB) at the time of analysis but is already present on multiple threat intelligence blocklists, indicating early detection by security vendors. The combination of high VT detection ratio, Cloudflare obfuscation, and brand impersonation suggests a moderately sophisticated operation with elevated risk to cryptocurrency users.  As of this assessment, the domain remains active and accessible. Immediate response includes blocking 172.66.47.117 and bredge-trezorta.pages.dev at the network and DNS levels. Users should avoid visiting the site and report it to Trezor’s official abuse channels and security platforms like PhishDestroy, AbuseIPDB, and Google Safe Browsing. While detection is improving, the risk remains elevated due to continuous deployment of similar decoy pages under Cloudflare’s ecosystem. Regular monitoring and proactive network filtering are recommended to prevent exposure. The domain represents a clear and present danger to individuals seeking Trezor wallet services or support.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Trezor

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.117

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e14fcf15-bc96-4dfa-b9ef-f6fdd291e0fb
- PhishDestroy: https://phishdestroy.io/domain/bredge-trezorta.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/bredge-trezorta.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bredge-trezorta.pages.dev/
Last updated: 2026-03-22