# project-trezo-io.pages.dev — MALICIOUS > PhishDestroy identifies project-trezo-io.pages.dev as a crypto drainer impersonating Trezor. This site has 11/95 VirusTotal detections and remains active. ## Summary PhishDestroy identifies project-trezo-io.pages.dev as an active crypto drainer impersonating Trezor hardware wallets, leveraging a Google Cloudflare Pages deployment to host malicious JavaScript designed to siphon cryptocurrency assets. The domain employs a spoofed Trezor branding interface to deceive users into connecting their wallets and executing unauthorized transactions. Threat actors distribute this drainer via phishing emails and social media posts mimicking official Trezor communications, exploiting trust in hardware wallet ecosystems to facilitate theft. This domain resolves to IP address 172.66.45.2 and is registered through Cloudflare, Inc. It carries an SSL certificate issued by Google Trust Services, enhancing its perceived legitimacy. PhishDestroy’s forensic scan shows 11 out of 95 VirusTotal security vendors flag this domain as malicious. The site is hosted on Cloudflare Pages, a legitimate platform abused by threat actors to rapidly deploy phishing infrastructure. While not currently flagged by Google Safe Browsing (GSB), the domain has been widely added to multiple blocklists, indicating widespread recognition as a threat actor resource. As of now, project-trezo-io.pages.dev remains active and accessible. PhishDestroy continues to monitor this domain in real time and has coordinated with hosting providers and certificate authorities to initiate takedown procedures. Users are advised to avoid interacting with this domain and to verify all hardware wallet-related URLs using PhishDestroy’s verification tool before entering sensitive data. The current risk level remains elevated due to active propagation and the use of legitimate hosting infrastructure, which increases the likelihood of further victimization. Immediate detection and user awareness are critical to mitigating ongoing exposure. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.45.2 ## Detection Status - VirusTotal: 11 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d9b5abe6-465e-4e25-b916-e4e07fed13d7 - PhishDestroy: https://phishdestroy.io/domain/project-trezo-io.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/project-trezo-io.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/project-trezo-io.pages.dev/ Last updated: 2026-03-24