# logo-trezor-main.pages.dev — MALICIOUS

> PhishDestroy identifies logo-trezor-main.pages.dev as an active Trezor brand impersonation phishing domain, flagged by 6 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies the domain logo-trezor-main.pages.dev as an active Trezor brand impersonation phishing campaign targeting cryptocurrency wallet users. This domain leverages Cloudflare Pages hosting to mimic official Trezor branding, increasing the likelihood of credential theft or malware delivery. The campaign is currently active and employs domain spoofing techniques to deceive victims into entering sensitive information.  

This domain was flagged by 6 of 95 VirusTotal security vendors, indicating elevated risk despite low detection spread. Registered through Cloudflare, Inc., the domain resolves to IP address 172.66.46.211 and holds an SSL certificate issued by Google Trust Services, enhancing its perceived legitimacy. The combination of trusted infrastructure (Cloudflare, Google Trust Services) and low but notable detection rates suggests a sophisticated campaign designed to evade initial scrutiny while maintaining operational persistence.  

Given the active status and specific targeting of Trezor users, the risk to cryptocurrency holders remains elevated. PhishDestroy recommends immediate domain blocking at network and endpoint levels due to the credible impersonation and active hosting infrastructure. Users should verify all communication purporting to be from Trezor via official channels and avoid interacting with this domain or any linked content. Security teams are advised to monitor for associated IP addresses and implement DNS-based threat intelligence feeds to prevent downstream compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Trezor

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.46.211

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9a9a08c1-0c19-41ba-b2e3-7cd975958518
- PhishDestroy: https://phishdestroy.io/domain/logo-trezor-main.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/logo-trezor-main.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/logo-trezor-main.pages.dev/
Last updated: 2026-04-01