# start-terezor.pages.dev — SUSPICIOUS

> PhishDestroy flags start-terezor.pages.dev as a crypto drainer impersonating Trezor. VT 0/95 detections; block immediately via PhishDestroy.

## Summary

PhishDestroy identifies start-terezor.pages.dev as an active crypto drainer domain masquerading as a Trezor hardware wallet portal. The page employs a spoofed Trezor login interface to harvest seed phrases and private keys, then exfiltrates cryptocurrency assets to attacker-controlled wallets. No advanced drainer kit fingerprints (e.g., Angel Drainer, Inferno) are observed in this campaign, indicating a lightweight but effective credential/seed harvesting operation.

Technical indicators include a Google Trust Services SSL certificate, Cloudflare registration, and resolution to IP 188.114.97.3. VirusTotal shows 0 detections out of 95 scanners, and the domain remains unlisted on Google Safe Browsing. The registrar is Cloudflare, Inc., and the creation date is under investigation. No blocklist entries are recorded as of the latest scan, suggesting the domain is newly deployed.

This domain is currently active and poses a high risk to cryptocurrency users. PhishDestroy has flagged the site for immediate blocking. Users are advised to avoid interacting with the domain and verify any wallet-related communications via official Trezor channels. Remaining risk is moderate due to the domain's newness and undetected status, but the threat is expected to escalate as the campaign expands. Regular monitoring and proactive blocking are recommended.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/dd47b093-4539-4c0d-8cad-189e7e2d2df7
- PhishDestroy: https://phishdestroy.io/domain/start-terezor.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/start-terezor.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/start-terezor.pages.dev/

Last updated: 2026-03-24