# trezorkaufen-ch.pages.dev — MALICIOUS

> trezorkaufen-ch.pages.dev impersonates Trezor in a phishing campaign detected by 7/95 security vendors. Check the full report.

## Summary
PhishDestroy identifies active brand impersonation involving the domain trezorkaufen-ch.pages.dev, which masquerades as the legitimate Trezor cryptocurrency wallet platform. This impersonation poses a significant risk to users seeking to purchase or interact with Trezor hardware wallets, as the malicious domain is designed to deceive visitors into divulging sensitive credentials or financial information under the guise of an official vendor site.


Technical analysis reveals several red flags associated with this domain. Resolving to IP address 172.66.44.58, the domain leverages a Let’s Encrypt SSL certificate to appear legitimate, further enhancing its credibility to unsuspecting users. Cloudflare, Inc. serves as the registrar and hosting provider, a common tactic among threat actors seeking to anonymize their infrastructure. Security vendor scrutiny through VirusTotal flags this domain at a concerning rate of 7 out of 95 detections, indicating a high likelihood of malicious intent. This domain is part of a larger campaign targeting cryptocurrency enthusiasts, exploiting the trusted reputation of Trezor to harvest sensitive data or deploy malware.


Users who have visited trezorkaufen-ch.pages.dev are strongly advised to take immediate precautions. If any credentials, payment details, or personal information were entered on the site, they should be considered compromised and changed immediately. Employing a reputable password manager can help detect similar impersonation attempts in the future. Additionally, users should verify the authenticity of any cryptocurrency-related websites by ensuring they use the official Trezor domain (trezor.io) and avoid links from untrusted sources. Network administrators should consider blocking access to this domain at the firewall level to prevent further exposure within their environments.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Trezor

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.58

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d5691712-c36d-4995-a9ca-10faa1e42b3d
- PhishDestroy: https://phishdestroy.io/domain/trezorkaufen-ch.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/trezorkaufen-ch.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trezorkaufen-ch.pages.dev/
Last updated: 2026-03-23