# bridge-trezor-cddn.pages.dev — MALICIOUS

> Avoid bridge-trezor-cddn.pages.dev—a high-risk phishing domain impersonating Trezor. This site is offline but remains a threat to user security.

## Summary
PhishDestroy identifies bridge-trezor-cddn.pages.dev as a high-risk phishing domain impersonating the Trezor brand, aiming to deceive users and steal sensitive information. Such brand impersonation attacks pose significant risks by exploiting user trust.

The domain was registered on February 21, 2026, via Cloudflare, Inc. It resolved to IP 172.66.47.119 and was flagged by 15 out of 95 security vendors on VirusTotal. It appeared on two security blocklists before being taken offline. Notably, the Cloudflare-hosted page was labeled a suspected phishing site.

Users are advised to avoid interacting with this domain and report any suspicious communication referencing Trezor. Maintaining updated security software and verifying URLs carefully can help prevent falling victim to similar fraud attempts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Trezor
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.119
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["hugh.ns.cloudflare.com", "jessica.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "PhishingDB"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a7c84-dab5-7299-8a58-f242bc120db4.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a3ec3447-75d5-47c8-a78f-514985c62974
- PhishDestroy: https://phishdestroy.io/domain/bridge-trezor-cddn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/bridge-trezor-cddn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bridge-trezor-cddn.pages.dev/
Last updated: 2026-03-19