# trezorrewaelete.webflow.io — MALICIOUS > Beware the Trezor impersonator trezorrewaelete.webflow.io — a crypto drainer phishing page flagged by 15 of 95 VirusTotal vendors. ## Summary PhishDestroy has identified the domain trezorrewaelete.webflow.io as an active crypto drainer impersonating the Trezor brand. The site is currently operational and leveraging high-confidence branding to deceive users into connecting cryptocurrency wallets or entering seed phrases. Initial analysis confirms this is not a generic phishing attempt; rather, it is a targeted campaign designed to exfiltrate digital assets under the guise of a legitimate Trezor service. This domain was flagged by 15 of 95 VirusTotal security vendors, indicating moderate detection but elevated risk due to its active impersonation tactics. The page is hosted on Webflow infrastructure and resolves to the IP address 104.18.36.248, which is associated with Google Trust Services’ SSL certificate. While the domain itself is newly observed within the threat landscape, its rapid deployment suggests opportunistic exploitation of brand recognition. Notably, the page mimics Trezor’s official Webflow-hosted educational content, adding a veneer of legitimacy to what is a malicious wallet-draining operation. Immediate remediation is advised: block inbound and outbound traffic to trezorrewaelete.webflow.io at the network perimeter. Users who may have interacted with this page should isolate any connected cryptocurrency wallets, revoke exposed seed phrases, and enable transaction monitoring on all associated accounts. Given the use of a valid Google SSL certificate and Webflow hosting, traditional domain-based blocking may be insufficient—organizations are urged to implement TLS inspection and behavioral analysis to detect future variants. PhishDestroy continues to monitor this campaign and will update intelligence as the infrastructure evolves. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Trezor ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.18.36.248 ## Detection Status - VirusTotal: 15 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b68e92d0-d606-41f0-a1f9-4d8cba1bb933 - PhishDestroy: https://phishdestroy.io/domain/trezorrewaelete.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/trezorrewaelete.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/trezorrewaelete.webflow.io/ Last updated: 2026-03-28