# trezor-suite-download-get.pages.dev — MALICIOUS

> Stay safe from trezor-suite-download-get.pages.dev, a high-risk phishing domain impersonating Trezor. Avoid this site and verify URLs carefully.

## Summary
PhishDestroy identifies trezor-suite-download-get.pages.dev as a high-risk phishing domain targeting the Trezor brand. This site attempted brand impersonation, aiming to deceive users into divulging sensitive information by mimicking the legitimate Trezor suite download platform. The domain's suspicious activity poses a significant threat to users seeking authentic cryptocurrency hardware wallet services.

Technically, the domain was registered through Cloudflare, Inc. on February 21, 2026. It resolved to IP address 172.66.44.176 and appeared on one recognized security blocklist. VirusTotal analysis flagged the domain with 17 out of 95 security vendors identifying it as malicious. The page title detected was "Suspected phishing site | Cloudflare," indicating active mitigation measures.

Currently, trezor-suite-download-get.pages.dev is offline and no longer accessible to users. PhishDestroy recommends users remain vigilant against similar brand impersonation threats by verifying URLs and only downloading software from official sources. Enterprises should continue monitoring for variants and update their security defenses accordingly.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Trezor
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.176
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["bill.ns.cloudflare.com", "elsa.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "BitDefender", "CRDF", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a7c6c-462d-7195-8061-6ef334c4b559.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a7c59392-78e8-4196-8d56-52d7f3aa6d55
- PhishDestroy: https://phishdestroy.io/domain/trezor-suite-download-get.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/trezor-suite-download-get.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trezor-suite-download-get.pages.dev/
Last updated: 2026-03-19