# trezor5.nexbitadvisors.com — SUSPICIOUS

> trezor5.nexbitadvisors.com flagged for crypto drainer impersonation of Trezor with 0/95 VirusTotal detections. Investigate and block immediately.

## Summary
PhishDestroy identifies trezor5.nexbitadvisors.com as a live domain actively impersonating the Trezor hardware wallet brand to deploy crypto drainers. This domain mimics Trezor’s official naming conventions to deceive users into downloading malicious software or entering recovery phrases, risking direct theft of cryptocurrency assets. The threat actor leverages social engineering through nexus branding to appear legitimate, exploiting user trust in legitimate wallet providers.  This domain was flagged through automated monitoring, revealing a Let’s Encrypt SSL certificate (not inherently malicious), resolution to IP 198.185.159.144, and 0 detections out of 95 VirusTotal engines as of 21d203. Registrar data indicates registration via Squarespace Domains LLC on March 03, 2025 — a recent and suspicious timing likely intended to evade historical blocklists. The absence of detections does not indicate safety; rather, it highlights the need for proactive blocking due to clear impersonation intent.  Users who visited trezor5.nexbitadvisors.com should immediately disconnect any internet-enabled devices, do not enter any seed phrases, passwords, or private keys, and run full antivirus scans. Disconnect hardware wallets from all computers. Report the domain to your antivirus provider and Trezor support. Do not interact further — treat all communications from this domain as hostile. Block the domain and IP 198.185.159.144 at firewall and DNS levels.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Trezor

## Domain Intelligence
- Registered: 2025-03-03 19:06:53
- Registrar: Squarespace Domains LLC
- IP: 198.185.159.144

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/01fcdc7b-35ed-43d5-a978-9011c765c6df
- PhishDestroy: https://phishdestroy.io/domain/trezor5.nexbitadvisors.com/
- LLM endpoint: https://phishdestroy.io/domain/trezor5.nexbitadvisors.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trezor5.nexbitadvisors.com/
Last updated: 2026-03-22