# tresr-io-sart-era.pages.dev — SUSPICIOUS > PhishDestroy identifies tresr-io-sart-era.pages.dev as a Trezor hardware wallet impersonation scam with 0/95 VirusTotal detections. Check the full report. ## Summary PhishDestroy identifies tresr-io-sart-era.pages.dev as a brand impersonation scam targeting Trezor hardware wallet users through a fake crypto management portal. The domain masquerades as an official Trezor service, using identical branding elements and a misleading page title ('Desktop & Web Crypto Management with Trezor Hardware Wallet') to deceive visitors into entering sensitive wallet credentials or downloading malicious software. This active phishing campaign is designed to harvest cryptocurrency assets by exploiting trust in Trezor's established reputation. The domain resolves to IP 188.114.97.3, which currently shows no security blocklist detections despite its fraudulent nature. The technical indicators of this threat are concerning yet evolving. VirusTotal scans show 0 detections out of 95 engines, indicating the domain has evaded traditional antivirus detection systems. The site operates through Cloudflare, Inc., a common tactic to obscure the true origin of malicious domains, and uses a Google Trust Services SSL certificate to appear legitimate. While the exact domain creation date is not provided, the use of Cloudflare's pages.dev subdomain structure suggests recent deployment, typical of opportunistic phishing campaigns. The impersonation specifically targets Trezor users through a false promise of desktop and web crypto management, a core function of Trezor's actual services. Users who have visited this domain should immediately assess their cryptocurrency holdings for unauthorized transactions. If any wallet access was attempted on this site, disconnect the device from the internet and perform a factory reset on the hardware wallet. Trezor users should never enter seed phrases or private keys on any website claiming to offer web-based wallet management outside Trezor's official domain (trezor.io). Report this domain to Trezor's official support channels and consider revoking any connected third-party application permissions. Monitor financial accounts closely for suspicious activity and enable all available security features on legitimate Trezor devices. ## Threat Details - Verdict: SUSPICIOUS - Site status: alive (HTTP ?) - Target brand: Trezor - Page title: Desktop & Web Crypto Management with Trezor Hardware Wallet ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/9cde0fd0-95de-4ac1-b2b3-c0d7ac0679ca - PhishDestroy: https://phishdestroy.io/domain/tresr-io-sart-era.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/tresr-io-sart-era.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/tresr-io-sart-era.pages.dev/ Last updated: 2026-04-12