# official-trzor-bridge.pages.dev — SUSPICIOUS > official-trzor-bridge.pages.dev hosts a crypto drainer posing as a fake TRON bridge. Zero detections on VirusTotal. Block immediately. ## Summary The domain official-trzor-bridge.pages.dev has been identified as a crypto drainer impersonating a legitimate TRON bridge service. This threat falls under the high-risk category due to its active exploitation of unsuspecting users seeking TRON-based bridge solutions. The domain leverages a deceptive page on Cloudflare Pages to mimic an official TRON bridge interface, aiming to trick users into connecting their wallets and authorizing malicious token transfers. This domain resolves to IP 172.66.47.90 and currently exhibits zero detections across 95 VirusTotal scanners. The SSL certificate is issued by Google Trust Services, which may lend an air of legitimacy to the site. The domain is registered through Cloudflare, Inc., and is hosted on Cloudflare Pages, a platform often exploited by threat actors to rapidly deploy and take down malicious pages. Notably, this domain has not yet been flagged by any known blocklists, which could delay detection by traditional defenses. Users should block access to official-trzor-bridge.pages.dev at the network level and warn stakeholders about the risks associated with fake TRON bridge services. Organizations should monitor for any internal access to this domain and investigate wallet transactions originating from user devices. Implementing DNS filtering rules to block this domain, along with similar typosquatting variations of TRON bridge services, is strongly advised. Additionally, end users should verify bridge URLs via official TRON channels and refrain from connecting wallets to unofficial or unverified platforms. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.90 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/dffd7fb8-072d-4e21-aa23-bb4ce8dedfa0 - PhishDestroy: https://phishdestroy.io/domain/official-trzor-bridge.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/official-trzor-bridge.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/official-trzor-bridge.pages.dev/ Last updated: 2026-03-22