# trezor-suite-app-ath.pages.dev — MALICIOUS

> trezor-suite-app-ath.pages.dev was used in a high-risk phishing attempt targeting Trezor users. Avoid interaction and stay informed with PhishDestroy.

## Summary
PhishDestroy identifies trezor-suite-app-ath.pages.dev as a high-risk phishing domain impersonating the Trezor brand. Such sites pose serious dangers by attempting to trick users into revealing sensitive information like cryptocurrency wallet credentials or recovery phrases. This can lead to significant financial losses and identity theft.

This phishing scheme operates by mimicking the legitimate Trezor Suite interface, aiming to deceive users into entering their private keys or login data. The domain was registered recently and flagged by several security providers, signaling a coordinated effort to mislead unsuspecting users. Fortunately, this site is currently offline, preventing further harm.

If you have visited trezor-suite-app-ath.pages.dev, immediately cease any communication with the site and do not enter any personal or wallet information. Run a malware scan on your device, change any compromised credentials, and monitor your accounts for unauthorized activity. For ongoing protection, rely on official sources and verified apps to manage your cryptocurrency securely.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Trezor
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.104
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["ram.ns.cloudflare.com", "stevie.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ad97c-9d7c-707a-b511-638955066604.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/5a2f68aa-b300-4686-90ec-fca103287f10
- PhishDestroy: https://phishdestroy.io/domain/trezor-suite-app-ath.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/trezor-suite-app-ath.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trezor-suite-app-ath.pages.dev/
Last updated: 2026-03-19