# trezor-start.io-startt.com — MALICIOUS

> trezor-start.io-startt.com is under review for phishing risks. Exercise caution and avoid sharing sensitive info with this domain.

## Summary
PhishDestroy has identified the domain trezor-start.io-startt.com as potentially involved in generic phishing activities. While this threat type is common, it poses significant risks by attempting to deceive users into revealing sensitive data such as login credentials or financial information. The domain remains under active investigation due to suspicious characteristics.

The domain was registered on November 17, 2025, through Internet Domain Service BS Corp. It resolves to the IP address 188.114.96.3. Although VirusTotal scans currently show no detections from security vendors, the recent creation date combined with its registrar and infrastructure details warrant continued monitoring. This combination frequently appears in phishing campaigns attempting to exploit users' trust in recognizable brand terms.

Users are advised to proceed with caution and avoid interacting with trezor-start.io-startt.com until a full assessment is complete. Avoid clicking on links or providing any personal or financial details on this site. Employ up-to-date security tools and report any suspicious activity to your organization's security team or through trusted channels. Vigilance remains crucial while investigations continue.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Target brand: Trezor
- Page title: Trezor.io/Start® | Starting Up Your Device | Trezor®

## Domain Intelligence
- Registered: 2025-11-17 16:23:44
- Registrar: Internet Domain Service BS Corp.
- IP: 188.114.96.3
- Nameservers: devin.ns.cloudflare.com liberty.ns.cloudflare.com

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "BitDefender", "CRDF", "CyRadar", "Emsisoft", "Ermes", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "SOCRadar", "Sophos", "Trustwave", "Webroot", "alphaMountain.ai"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Live Page Content

### Page Text
Your request was blocked.

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc5ca-6ecd-74b9-b8ac-437bd4deb8bf.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/2e708e6e-a015-4184-a1f5-bd14610f4094
- PhishDestroy: https://phishdestroy.io/domain/trezor-start.io-startt.com/

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trezor-start.io-startt.com/
Last updated: 2026-03-14