# help-trezor-io-staart.typedream.app — MALICIOUS > PhishDestroy identifies help-trezor-io-staart.typedream.app as a brand impersonation scam impersonating Trezor; 12 of 95 VirusTotal engines flag this crypto. ## Summary PhishDestroy identifies help-trezor-io-staart.typedream.app as an active crypto-asset drainer masquerading as the Trezor wallet brand. The domain leverages the trusted Trezor name to trick cryptocurrency holders into connecting wallets and signing malicious transactions that silently drain assets to attacker-controlled addresses. No publicly documented drainer kit payloads are listed in current sandboxes; however, the site’s workflow mimics legitimate Trezor login and transaction authorization pages, indicating a lightweight but effective impersonation framework designed for quick fund extraction. Historical campaigns frequently pair such domains with fake support tickets and phishing emails referencing “unauthorized access” to pressure victims into connecting their wallets. This domain was flagged by 12 of 95 VirusTotal security vendors at time of analysis. It resolves to IP 188.114.97.3 and is hosted on Typedream’s appspot, indicating a serverless landing page likely spun up for transient phishing campaigns. The domain uses a Google Trust Services SSL certificate, a tactic intended to bypass browser warnings and increase perceived legitimacy. Public blocklist monitoring shows 3 active detections across threat intelligence platforms, and the domain was created within the last 30 days. Google Safe Browsing has not yet assigned a verdict, leaving a narrow window for continued abuse before takedown measures take effect. PhishDestroy currently rates this domain as elevated risk and active. No public takedown advisories or hosting provider blocks have been confirmed at this time. Users are advised to avoid visiting the domain, verify any Trezor communications via official channels, and report suspicious links to PhishDestroy’s threat feed. Remaining risk is elevated due to the domain’s recent creation, transient hosting, and partial detection coverage; continued monitoring is strongly recommended until global blocklisting and certificate revocation are confirmed. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Trezor ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 188.114.97.3 ## Detection Status - VirusTotal: 12 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/261e1294-7f16-4265-b002-2edaf648343b - PhishDestroy: https://phishdestroy.io/domain/help-trezor-io-staart.typedream.app/ - LLM endpoint: https://phishdestroy.io/domain/help-trezor-io-staart.typedream.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/help-trezor-io-staart.typedream.app/ Last updated: 2026-03-26