# brige-trezor-cddn.pages.dev — MALICIOUS

> brige-trezor-cddn.pages.dev impersonated Trezor in a high-risk phishing attack. Domain is offline—stay vigilant against similar threats.

## Summary
PhishDestroy identifies brige-trezor-cddn.pages.dev as a high-risk brand impersonation phishing domain targeting Trezor users. The domain was designed to deceive victims by mimicking Trezor's brand, aiming to harvest sensitive information or credentials. Its threat level is rated high due to its direct association with a well-known cryptocurrency hardware wallet brand, increasing potential financial harm.

Supporting this assessment, brige-trezor-cddn.pages.dev was registered recently on February 21, 2026, through Cloudflare, Inc., a common registrar used for quick deployment of fraudulent sites. The domain resolved to IP address 172.66.44.197 and was flagged by 14 out of 95 security vendors on VirusTotal, indicating significant detection by automated systems. Additionally, it appeared on two distinct security blocklists, further confirming its malicious intent. The page title reported by Cloudflare was "Suspected phishing site," aligning with the gathered intelligence.

Currently, the domain is offline, preventing further harm at this time. PhishDestroy recommends users remain cautious when interacting with emails or links referencing Trezor and to verify URLs carefully before entering credentials. Enterprises and security teams should ensure their blocklists include this domain to prevent future attempts. Continuous monitoring for similar domains is advised to mitigate emerging phishing threats leveraging brand impersonation tactics like those seen with brige-trezor-cddn.pages.dev.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Trezor
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.197
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["hugh.ns.cloudflare.com", "jessica.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "PhishingDB"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bb60d-ed66-71b8-b251-b0d498f78d9d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/adf75db3-188d-4114-8c63-4f0cb0f1a0b5
- PhishDestroy: https://phishdestroy.io/domain/brige-trezor-cddn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/brige-trezor-cddn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/brige-trezor-cddn.pages.dev/
Last updated: 2026-03-19