# trezorawalilt.webflow.io — MALICIOUS

> Beware: trezorawalilt.webflow.io mimics Trezor to push a crypto drainer. VirusTotal flags 17/95 vendors. Verify on PhishDestroy before engaging.

## Summary
PhishDestroy analysis identifies the domain trezorawalilt.webflow.io as an active Trezor impersonation site designed to harvest cryptocurrency wallet credentials and push a crypto drainer payload. The page resolves to 104.18.36.248 and uses a Google Trust Services SSL certificate to appear legitimate. This domain has been blacklisted by OpenPhish and is currently flagged by 17 out of 95 VirusTotal security vendors, confirming its malicious intent.

Registrar and hosting details reveal this domain was created recently and leverages the Webflow platform to mimic Trezor’s official branding. It joins a single security blocklist, yet its presence across multiple detection engines underscores the risk it poses to cryptocurrency users seeking to access wallet services. The combination of impersonation, recent creation, and dual-blocklist coverage highlights an elevated threat level targeting Trezor users.

If you visited trezorawalilt.webflow.io, disconnect from the internet immediately and revoke any active wallet connections. Scan your device for malware using reputable antivirus tools and review transaction history for unauthorized transfers. PhishDestroy recommends users verify domain legitimacy via official Trezor channels before entering credentials or interacting with crypto-related prompts.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Trezor

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["OpenPhish"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/15a34398-8ee8-477e-90d2-24006b03c4c7
- PhishDestroy: https://phishdestroy.io/domain/trezorawalilt.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/trezorawalilt.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trezorawalilt.webflow.io/
Last updated: 2026-03-29