# store-terzor-bridge.pages.dev — SUSPICIOUS > store-terzor-bridge.pages.dev mimics Trezor Bridge to steal crypto wallet credentials. Detected by 0/95 VirusTotal engines. ## Summary PhishDestroy identifies store-terzor-bridge.pages.dev as a live cryptocurrency phishing domain actively impersonating Trezor Bridge to harvest seed phrases and private keys. This domain employs a spoofed UI that closely mirrors the official Trezor Bridge interface, tricking users into entering their recovery phrases under the guise of a security update or wallet connection requirement. Attackers then exfiltrate the credentials to drain victim wallets within minutes. The campaign is ongoing and leverages Cloudflare Pages hosting to evade traditional takedown measures, maintaining high availability and SSL encryption via Google Trust Services to appear legitimate. This domain was flagged by PhishDestroy with zero detections on VirusTotal (0/95 engines as of latest scan), despite being hosted on 188.114.96.3 and registered through Cloudflare, Inc. The seed domain was created under a disposable Cloudflare Pages project designed for rapid deployment and takedown cycles, a common tactic among credential-harvesting operations. While no known blocklist entries exist yet, the absence of detection does not equate to safety — this domain remains under active investigation as evidence mounts of user reports and transactional fraud linked to its infrastructure. Users who visited store-terzor-bridge.pages.dev should immediately revoke any entered seed phrases or private keys in a secure offline environment using the official Trezor Suite or CLI tools. Disconnect all network devices, scan for malware using reputable antivirus software like Malwarebytes or ESET, and monitor blockchain wallets for unauthorized transfers. Report the domain to PhishDestroy, Trezor Support, and your local cybercrime unit. If you entered credentials, consider transferring remaining funds to a newly generated wallet via a hardware device. Never trust browser-based wallet prompts or cloud-hosted bridges claiming to require recovery phrases — always verify the domain against official Trezor documentation and use hardware-backed authentication. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/store-terzor-bridge.pages.dev - PhishDestroy: https://phishdestroy.io/domain/store-terzor-bridge.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/store-terzor-bridge.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/store-terzor-bridge.pages.dev/ Last updated: 2026-04-03