# bridge-trezar-download.pages.dev — SUSPICIOUS > PhishDestroy identifies a live crypto wallet drainer phishing domain bridge-trezar-download.pages.dev dropping 0/95 on VirusTotal. ## Summary PhishDestroy identifies an active phishing domain, bridge-trezar-download.pages.dev, hosting a generic but malicious crypto wallet drainer kit. This infrastructure masquerades as a software repository (“bridge-trezar-download”) and targets cryptocurrency users by tricking them into downloading and executing a drainer disguised as a legitimate application. There is no clear association with a well-known brand or cloned interface, suggesting the campaign is opportunistic and leverages fresh domain registrations to evade detection. The drainer kit is designed to scan browser extensions, extract private keys, and initiate unauthorized transactions upon execution, posing a direct financial risk to victims. This domain was flagged by PhishDestroy with the seed identifier 410744. It is registered through Cloudflare, Inc., resolving to IP 172.66.47.142. VirusTotal analysis shows 0 out of 95 engines detecting the payload, indicating zero current signatures. The domain uses a Google Trust Services SSL certificate, increasing its appearance of legitimacy. The creation date and Google Safe Browsing (GSB) status remain under investigation, and no public blocklist entries have been recorded as of this analysis. Current status: the campaign is live and active. Immediate response includes adding bridge-trezar-download.pages.dev to enterprise and personal blocklists, disabling access via DNS sinkholes, and notifying cryptocurrency users and wallet extension developers. While the technical payload remains undetected by AV engines, behavioral monitoring and network-level blocking can prevent execution. Remaining risk is assessed as moderate due to the lack of signatures and Cloudflare’s fast-flux hosting, which may delay mitigation. Users should avoid downloading any files from this domain and treat any unsolicited “bridge” or “trezar” software with extreme caution. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.142 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/67b1aaf6-a0c1-4164-a631-c2ef7bffb5e9 - PhishDestroy: https://phishdestroy.io/domain/bridge-trezar-download.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/bridge-trezar-download.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/bridge-trezar-download.pages.dev/ Last updated: 2026-04-12