# connect-trez-ar-bridge.pages.dev — SUSPICIOUS > connect-trez-ar-bridge.pages.dev is a live crypto wallet drainer posing as a Trezor bridge. Flagged by 2/95 VirusTotal scanners, users should avoid entering. ## Summary PhishDestroy identifies connect-trez-ar-bridge.pages.dev as an active generic phishing domain specifically designed to intercept cryptocurrency wallet credentials under the guise of a Trezor bridge service. The domain leverages Cloudflare Pages hosting to deliver a counterfeit interface that mimics legitimate wallet-bridge functionality, tricking users into entering seed phrases or private keys. Security telemetry indicates this threat is categorized as a wallet drainer, a specialized phishing tool that captures sensitive wallet data and initiates unauthorized transfers. No known affiliation with Trezor or SatoshiLabs is implied or confirmed; the branding is entirely fabricated to exploit trust in reputable hardware wallet ecosystems. This domain resolves to IP address 188.114.96.3 and was registered through Cloudflare, Inc., leveraging Cloudflare’s Pages platform for rapid deployment and evasion of traditional takedowns. The SSL certificate is issued by Google Trust Services, which may contribute to initial trust perception. According to VirusTotal analysis dated seed 375602, only 2 out of 95 security vendors currently flag this domain as malicious, indicating low detection coverage across the security community. No publicly available data reveals the exact creation date of the domain, but its active status and lack of historical indexing suggest a recent deployment. It is not currently flagged in Google Safe Browsing (GSB) as of the last intelligence sweep. The domain has not been widely listed on major blocklists, reflecting a stealthy and possibly targeted campaign. As of the latest assessment, connect-trez-ar-bridge.pages.dev remains ACTIVE and poses an ELEVATED risk to users interacting with cryptocurrency platforms. Immediate response actions include blacklisting the domain at the network perimeter and alerting users through enterprise security awareness campaigns. Despite low detection rates, behavioral indicators such as the false Trezor bridge branding and recent deployment timeline warrant heightened caution. Remaining risk includes potential expansion of targeting beyond initial victims and refinement of the drainer kit to bypass updated defenses. Users are strongly advised to verify any wallet bridge URL through official Trezor channels and never enter private keys or seed phrases into third-party web forms. Security teams should monitor for similar domains hosted on Cloudflare Pages and share IOCs (Indicators of Compromise) via reputable threat intelligence platforms to improve collective detection. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/2d74659f-b7b2-4984-9e62-66b8ed568f76 - PhishDestroy: https://phishdestroy.io/domain/connect-trez-ar-bridge.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/connect-trez-ar-bridge.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/connect-trez-ar-bridge.pages.dev/ Last updated: 2026-03-22