# io-trezor-sterts-help.pages.dev — MALICIOUS

> The domain io-trezor-sterts-help.pages.dev impersonates Trezor and is flagged as high risk. Avoid interaction and rely on official channels only.

## Summary
PhishDestroy identifies io-trezor-sterts-help.pages.dev as a high-risk brand impersonation threat targeting Trezor users. This domain attempts to deceive visitors by mimicking the reputable hardware wallet brand, posing significant risk to users’ security and funds.

Supporting evidence includes its creation date on February 21, 2026, recent and suspiciously timed registration via Cloudflare, Inc., and its resolution to IP 172.66.47.182. The domain was flagged by 15 out of 95 VirusTotal security vendors and appears on at least one security blocklist. The page title captured, "Suspected phishing site | Cloudflare," further confirms its malicious intent and recognition by security providers.

Mitigation efforts have succeeded as the domain is currently offline, effectively removing immediate risk. Users are strongly advised to avoid interacting with this domain or any links purporting to be associated with Trezor that do not originate from official sources. Continuous monitoring is recommended to prevent reactivation or the rise of similarly deceptive domains. PhishDestroy underscores vigilance and reliance on verified platforms to safeguard against such brand impersonation threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Trezor
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.182
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["amos.ns.cloudflare.com", "luciane.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ca235-2e41-7660-872e-8f5920bbd854.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/6dbcc31c-557c-4086-9902-4fb60c1f51c7
- PhishDestroy: https://phishdestroy.io/domain/io-trezor-sterts-help.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/io-trezor-sterts-help.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/io-trezor-sterts-help.pages.dev/
Last updated: 2026-03-19