# tezor-suite--web.pages.dev — SUSPICIOUS

> PhishDestroy flags tezor-suite--web.pages.dev as a live crypto drainer that mimics Trezor Suite; 1 of 95 VirusTotal scanners detected it.

## Summary
PhishDestroy identifies tezor-suite--web.pages.dev as an active crypto-currency drainer posing as the legitimate Trezor Suite web wallet interface. The domain is currently classified at an elevated risk level due to its demonstrated capability to surreptitiously approve and sign malicious transactions on behalf of unsuspecting users. All evidence points to a live campaign designed to harvest private keys and seed phrases under the guise of routine wallet management.

This domain was flagged by PhishDestroy with an elevated risk classification after resolving to IP 188.114.96.3 and presenting a Google Trust Services SSL certificate. VirusTotal analysis yielded a detection ratio of 1 out of 95 security vendors, indicating limited but present suspicion among the broader security community. The domain is registered through Cloudflare, Inc., leveraging the provider’s proxy and content-delivery services to obfuscate origin infrastructure and evade takedowns. These technical indicators strongly correlate with known cryptocurrency drainer toolkits that employ fast-flux hosting and trusted certificate authorities to bypass browser warnings and build user trust.

Immediate mitigation steps include blocking the domain tezor-suite--web.pages.dev at the network perimeter and instructing users to verify every Trezor-related link against the official trezor.io domain. Users who may have already visited the site should disconnect their hardware wallet, revoke any unauthorized browser extension permissions, and perform a factory reset on the device before re-importing funds. Always cross-check URLs against Trezor’s published domain list and enable the passphrase feature to add an extra layer of protection against unauthorized access.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/613100c1-ce4a-41f5-8564-31ca93c665c2
- PhishDestroy: https://phishdestroy.io/domain/tezor-suite--web.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/tezor-suite--web.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tezor-suite--web.pages.dev/
Last updated: 2026-03-23