# docsuite-trezorr.gitbook.io — MALICIOUS

> docsuite-trezorr.gitbook.io impersonates Trezor to steal data. Avoid this site and protect your assets. Learn more and stay safe with PhishDestroy.

## Summary
PhishDestroy identifies docsuite-trezorr.gitbook.io as a high-risk phishing domain that impersonates the legitimate Trezor brand. This fraudulent site was designed to deceive users by mimicking the official Trezor Suite App page, potentially putting cryptocurrency assets and personal information at significant risk.

This phishing scheme operates by presenting a convincing replica of the Trezor desktop application interface, tricking victims into entering sensitive login credentials or recovery phrases. The domain was flagged by multiple security vendors and appears on a security blocklist, indicating its malicious intent. Although the site is currently offline, it was registered recently through Cloudflare and resolved to an IP address associated with content delivery services, suggesting a sophisticated setup to evade detection.

If you have visited docsuite-trezorr.gitbook.io, immediately refrain from providing any personal or security information. Run a full security scan on your devices and change any passwords or recovery phrases that may have been compromised. Always verify URLs directly through official brand channels and consult trusted cybersecurity resources like PhishDestroy for the latest threat updates.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Trezor
- Page title: Trezor Suite App (Official) | Desktop

## Domain Intelligence
- Registered: 2026-03-13 01:07:02
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 104.18.40.47
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["dahlia.ns.cloudflare.com", "hugh.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 19 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "DNS8", "ESET", "Emsisoft", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "LevelBlue", "Lionic", "Netcraft", "OpenPhish", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce491-1b98-760b-99c6-5d9fde210869.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/d75986cf-15fd-4072-a922-3c1480ddacd8
- PhishDestroy: https://phishdestroy.io/domain/docsuite-trezorr.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/docsuite-trezorr.gitbook.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/docsuite-trezorr.gitbook.io/
Last updated: 2026-03-19