# dashboard--trzor-en-us.pages.dev — SUSPICIOUS > PhishDestroy identifies dashboard--trzor-en-us.pages.dev as a live Trezor impersonation hosted on Cloudflare (172.66.47.97) with 0/95 VirusTotal detections. ## Summary PhishDestroy has flagged dashboard--trzor-en-us.pages.dev for active brand impersonation of Trezor, the cryptocurrency wallet provider. The malicious domain leverages a spoofed ‘Trezor Wallet Start Guide’ landing page with a title designed to mislead users into surrendering sensitive credentials. While no drainer kit artifacts were identified during initial triage, the use of a Google Trust Services SSL certificate and a Cloudflare-based infrastructure strongly suggests a coordinated deception campaign targeting Trezor users. The page remains accessible and appears to be actively soliciting wallet-related inputs despite having no current detections across 95 VirusTotal engines. Technical indicators confirm elevated concern: the domain resolves to IP 172.66.47.97 via Cloudflare, Inc. registration, exhibits 0/95 VirusTotal detections, and utilizes a legitimate Google Trust Services SSL certificate. No blocklist entries were recorded at the time of analysis, indicating this is a newly observed threat with minimal prior exposure. The absence of detections, combined with a convincing impersonation of Trezor’s branding, underscores the sophistication of this attack vector. Given that the domain was registered through Cloudflare’s Pages service, threat actors are exploiting legitimate deployment platforms to host malicious content with reduced friction and faster propagation. The domain is currently active and no remediation has been applied. Users are strongly advised to avoid interaction and verify destination URLs before entering any sensitive information. Security teams should block the domain at the network perimeter and investigate endpoints that may have accessed it. While risk remains under investigation pending additional telemetry, the configuration and infrastructure suggest an imminent threat to cryptocurrency holders. Immediate containment actions are recommended to prevent credential harvesting and potential fund loss. Remaining risk is assessed as high due to the domain’s active status, low detection rate, and alignment with known crypto-wallet targeting campaigns. ## Threat Details - Verdict: SUSPICIOUS - Site status: alive (HTTP ?) - Target brand: Trezor - Page title: Trezor Wallet Start Guide - Secure Your Crypto Today ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.97 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/cd439ae8-2a52-4d73-ab6b-e054837293c6 - PhishDestroy: https://phishdestroy.io/domain/dashboard--trzor-en-us.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/dashboard--trzor-en-us.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/dashboard--trzor-en-us.pages.dev/ Last updated: 2026-04-12