# guided-trezor.pages.dev — SUSPICIOUS

> guided-trezor.pages.dev is a brand impersonation site flagged by 0 of 95 VirusTotal vendors. It mimics Trezor hardware wallets.

## Summary
PhishDestroy identifies guided-trezor.pages.dev as an active brand impersonation domain targeting Trezor cryptocurrency wallet users. The site leverages Cloudflare Pages infrastructure to deploy a fraudulent interface designed to deceive visitors into believing they are interacting with an official Trezor service. Current threat intelligence confirms ongoing malicious activity with no signs of takedown as of seed 38bd58.  This domain was flagged by 0 of 95 VirusTotal vendors at time of analysis, indicating a currently undetected threat. It resolves to IP address 188.114.97.3 via Cloudflare, Inc., a hosting provider frequently abused for masking malicious infrastructure. The domain employs a Google Trust Services SSL certificate to enhance authenticity, while Cloudflare’s infrastructure obscures the true origin of the servers. The Trezor brand is specifically targeted in this campaign, with the malicious domain presenting as a guided setup or support page for Trezor hardware wallets.  While the immediate detection rate on VirusTotal remains at 0%, the presence of a Google-issued SSL certificate combined with brand impersonation tactics significantly increases the risk of credential theft or cryptocurrency drainer deployment. Given the active status of this domain and the sophistication of the impersonation, users should avoid all interactions with guided-trezor.pages.dev. Security teams are advised to block the domain at the network level and monitor for related infrastructure. For Trezor users, always verify access points via the official trezor.io domain and enable hardware wallet verification features to prevent unauthorized transactions.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Trezor

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/guided-trezor.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/guided-trezor.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/guided-trezor.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/guided-trezor.pages.dev/
Last updated: 2026-04-04