# live-trezorb.pages.dev — SUSPICIOUS

> PhishDestroy identifies live-trezorb.pages.dev as a Trezor brand impersonation site hosting malware on Cloudflare Pages with an IP at 172.66.47.166.

## Summary
PhishDestroy identifies live-trezorb.pages.dev as a live Trezor brand impersonation campaign currently active and hosted on Cloudflare Pages. This fraudulent site mimics the official Trezor hardware wallet brand to trick users into entering recovery phrases or downloading malicious firmware updates. The threat actor leverages cloudflare-pages.dev infrastructure to evade traditional detection, while the live subdomain suggests a rapidly deployed phishing kit designed for credential harvesting or cryptocurrency theft.

This domain was flagged due to clear impersonation of Trezor and shows zero detections on VirusTotal across 95 engines. It resolves to IP 172.66.47.166 and is registered through Cloudflare, Inc., leveraging Google Trust Services for its SSL certificate. Despite zero current detections, the domain remains active and is not listed on any major blocklists as of this report.

Users who visited live-trezorb.pages.dev should immediately revoke any credentials entered and check their devices for unauthorized transactions. Disconnect affected systems from the internet, run a full antivirus scan, and avoid interacting with any Trezor-themed links received via email or social media. Report the domain to Trezor’s official fraud reporting channels and consider rotating all related cryptocurrency wallet credentials.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Trezor

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.166

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/409cd356-c7a7-4b18-b632-86b994c93b39
- PhishDestroy: https://phishdestroy.io/domain/live-trezorb.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/live-trezorb.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/live-trezorb.pages.dev/
Last updated: 2026-03-22