# PhishDestroy threat dossier — trezor-suiteapp.blogspot.com
================================================================
Fetched: 2026-06-26 16:05:30 UTC
Canonical: https://phishdestroy.io/domain/trezor-suiteapp.blogspot.com/

## VERDICT
----------------------------------------------------------------
TAKEN DOWN (neutralised)
Composite threat score: 100/100 (PhishDestroy scoring — see methodology below)
Scam classification: Impersonation
Targeted brand: Trezor

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 14/91 security vendors flagged this domain
Flagging vendors: ChainPatrol, alphaMountain.ai, BitDefender, Chong Lua Dao, CyRadar, ESET, Forcepoint ThreatSeeker, Fortinet, G-Data, Kaspersky, LevelBlue, Lionic, PhishFort, Sophos
Public blocklists: listed on 3 independent blocklists

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 142.251.14.132
Registrar: Google Blogger
Nameservers: NS_NOT_FOUND
Registered: 2026-06-16

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Google Trust Services / WE2
Expires: 2026-08-17
Status: INVALID chain
Fingerprint: 4adb787481f5156204c338b0318482e942bfa1a0e06989317cfef462b2ff72a4
Subject Alternative Names (related infrastructure — often same operator):
- blogspot.ae
- blogspot.al
- blogspot.am
- blogspot.ba
- blogspot.be
- blogspot.bg
- blogspot.ca
- blogspot.ch
- blogspot.cl
- blogspot.co.at
- blogspot.co.id
- blogspot.co.il
- blogspot.co.ke
- blogspot.co.nz
- blogspot.co.uk
... +55 more

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: CLOSED — no report required.
This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure.
PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-06-16 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-06-16 09:06:53 UTC (by PhishDestroy tracker)
Last verified: 2026-06-26 16:20:36 UTC
Neutralised: 2026-06-16 18:37:51 UTC
Current status: taken down (registrar suspended or DNS dead)

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019ecf3f-58fb-71b5-a551-9e1779e1e39a/
Wayback Machine: https://web.archive.org/web/*/trezor-suiteapp.blogspot.com
crt.sh CT logs: https://crt.sh/?q=%25.trezor-suiteapp.blogspot.com
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=trezor-suiteapp.blogspot.com
AlienVault OTX: https://otx.alienvault.com/indicator/domain/trezor-suiteapp.blogspot.com
URLhaus: https://urlhaus.abuse.ch/host/trezor-suiteapp.blogspot.com/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-06-25 20:51:46 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

This domain, trezor-suiteapp.blogspot.com, poses a high-risk brand impersonation threat designed to deceive users of the Trezor hardware wallet. The site mimics the legitimate Trezor Suite interface, tricking visitors into entering sensitive information such as wallet credentials, private keys, or recovery seed phrases. Once obtained, attackers can gain unauthorized access to cryptocurrency wallets, leading to immediate and irreversible asset theft.
The fraudulent nature of this site is particularly dangerous due to its convincing visual and functional replication of the official platform, making it difficult for users to distinguish between the real and fake versions without technical scrutiny.

Analysis indicates this domain was registered through Google Blogger, a common platform exploited for phishing due to its free hosting and SSL certificates provided by Google Trust Services. Despite its seemingly legitimate infrastructure, the domain has been flagged by 14 out of 95 security vendors on VirusTotal, including high-confidence detections from blockchain security and anti-phishing engines. The site resolves to the IP address 142.251.14.132, which is associated with Google’s infrastructure, further obscuring its malicious intent. Additional technical indicators include the use of Blogger, Java, Python, and OpenGSE technologies, as well as HTTP/3, which are consistent with modern phishing campaigns leveraging cloud-based hosting to evade traditional detection methods. The domain appears on three security blocklists and has been assigned a trust score of 0/100 by Gridinsoft, confirming its malicious classification.

If you visited trezor-suiteapp.blogspot.com or interacted with its content, immediate action is required to mitigate potential compromise. First, disconnect any devices that were used to access the site from the internet to prevent ongoing data exfiltration. Do not enter any additional credentials or recovery phrases into any platform until you have verified its legitimacy. If you provided wallet credentials or recovery seeds, assume your wallet is compromised and transfer all assets to a new, secure wallet using a clean device. Enable multi-factor authentication on all accounts associated with your cryptocurrency holdings and monitor for unauthorized transactions.
Report the incident to the official support channels of the targeted brand and consider filing a report with relevant cybersecurity organizations to aid in tracking and takedown efforts. Regularly update your security software and educate yourself on recognizing phishing indicators to prevent future incidents.

[Updates since narrative was generated:]
- VirusTotal detections: now 14/91 (narrative was written when count was lower)

## EVIDENCE HASHES
----------------------------------------------------------------
Favicon MD5: face9ad5ebc8bcdb40fb9dbc1954e603
TLS cert SHA-256: 4adb787481f5156204c338b0318482e942bfa1a0e06989317cfef462b2ff72a4

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.
## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/trezor-suiteapp.blogspot.com/
JSON API: https://api.destroy.tools/v1/check?domain=trezor-suiteapp.blogspot.com
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 170,543 domains (12,570 alive under monitoring, 157,589 confirmed takedowns/dead).
Site: https://phishdestroy.io