# faq-trezor-enus.pages.dev — SUSPICIOUS

> faq-trezor-enus.pages.dev impersonates Trezor to steal credentials. This Cloudflare-hosted page resolves to IP 188.114.97.3 with 0/95 VirusTotal detections.

## Summary
faq-trezor-enus.pages.dev is an active brand impersonation domain targeting Trezor users. The site mimics official Trezor FAQ pages to harvest login credentials or seed phrases under the guise of support. Cloudflare’s hosting and a Google Trust Services SSL certificate lend initial credibility, but the domain’s true intent is malicious. PhishDestroy identifies this as a high-risk impersonation campaign due to active distribution and low detection rates.  

This domain was flagged with zero detections out of 95 VirusTotal scans, indicating undetected malicious content. It is registered through Cloudflare, Inc., resolving to IP address 188.114.97.3 via Google Trust Services. While the registrar and SSL provider are legitimate, the domain’s structure—faq-trezor-enus.pages.dev—clearly abuses Trezor’s brand name. The use of a pages.dev subdomain under Cloudflare’s infrastructure is a common tactic to bypass traditional blocklists. No public blocklist entries or reputation scores are currently available, but the absence of detections suggests this campaign is newly active or employs evasion techniques.  

To mitigate risk, Trezor users should avoid clicking links in unsolicited emails or search results referencing this domain. Verify any support requests by visiting Trezor’s official site directly (trezor.io) and use two-factor authentication for accounts. Report suspicious domains to Trezor’s abuse team and consider using DNS filtering tools to block 188.114.97.3. If credentials were entered, revoke access immediately via Trezor’s security settings and transfer funds to a new wallet. Monitor wallet activity for unauthorized transactions.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Trezor

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0116165f-ea85-44a9-830b-cfbeb32743b0
- PhishDestroy: https://phishdestroy.io/domain/faq-trezor-enus.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/faq-trezor-enus.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/faq-trezor-enus.pages.dev/
Last updated: 2026-03-22