# connect--trezar-bridge-en.pages.dev — SUSPICIOUS

> PhishDestroy flags connect--trezar-bridge-en.pages.dev as a crypto-draining phishing site mimicking Trezor Bridge. Counts 2/95 on VirusTotal.

## Summary
PhishDestroy identifies connect--trezar-bridge-en.pages.dev as an active crypto-draining phishing page posing as the Trezor Bridge interface. This Cloudflare Pages domain (seed a494d9) lures users into connecting wallets under the guise of a legitimate bridge service, then silently drains assets via a malicious drainer kit. The page imitates Trezor’s branding to lower user suspicion while executing unauthorized transactions once wallet permissions are granted.  This domain was flagged by 2 of 95 VirusTotal security vendors at the time of analysis. It resolves to IP 188.114.96.3, is registered through Cloudflare, Inc., and holds a Google Trust Services SSL certificate (status not listed on Google Safe Browsing as of this report). It operates under the Cloudflare Pages platform, which allows rapid deployment of spoofed landing pages, and shows no current presence on major blocklists—indicating recent activation and low detection coverage.  The site remains active with an elevated risk rating. Immediate action includes blocking the domain at network and endpoint levels. Users are advised to verify URLs via official Trezor channels and avoid interacting with unsolicited bridge links. Remaining risk is moderate due to low VT detections, fast flux infrastructure, and absence from blocklists, suggesting this campaign may expand rapidly. Monitor for new hashes and IPs associated with this seed.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f3773b30-2e90-460b-838a-966dbd1ba438
- PhishDestroy: https://phishdestroy.io/domain/connect--trezar-bridge-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/connect--trezar-bridge-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/connect--trezar-bridge-en.pages.dev/
Last updated: 2026-03-22