# bridge-trezor-help-io.pages.dev — MALICIOUS

> bridge-trezor-help-io.pages.dev impersonates Trezor in a phishing attempt. Stay vigilant and avoid interaction with this domain. Learn more now.

## Summary
PhishDestroy has identified bridge-trezor-help-io.pages.dev as a malicious domain engaging in brand impersonation targeting Trezor users. Classified as a high-risk phishing site, it attempts to deceive victims by mimicking official Trezor support or help services.

Technical analysis reveals that the domain was registered through Cloudflare, Inc. on February 21, 2026, and resolves to IP address 172.66.44.56. It appeared on two security blocklists and was flagged by 14 out of 95 VirusTotal security vendors. The page title detected was "Suspected phishing site | Cloudflare," which indicates hosting under Cloudflare’s infrastructure.

Currently, bridge-trezor-help-io.pages.dev has been taken offline, mitigating the immediate threat. However, vigilance is advised as similar domains may emerge. PhishDestroy recommends users avoid clicking suspicious links and verifying URLs closely to prevent falling victim to brand impersonation attacks like this one.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Trezor
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.56
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["ray.ns.cloudflare.com", "adele.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "PhishingDB"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cb66b-8d94-73cc-b95c-85dafdf25464.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/5bfcb623-febe-436a-98d3-65baeb0ea0a4
- PhishDestroy: https://phishdestroy.io/domain/bridge-trezor-help-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/bridge-trezor-help-io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bridge-trezor-help-io.pages.dev/
Last updated: 2026-03-19