# trezorsafe7.io — MALICIOUS

> trezorsafe7.io is a Trezor brand impersonation phishing domain. 16/95 VirusTotal detections confirm active threats. Check the full report.

## Summary
PhishDestroy identifies trezorsafe7.io as an active brand impersonation phishing domain targeting Trezor users. This domain employs fraudulent branding to deceive victims into surrendering sensitive wallet credentials or downloading malicious software under the guise of official Trezor services. The elevated risk level reflects its confirmed presence on security blocklists and consistent detection by antivirus engines, warranting immediate attention from security teams and end users.

This domain was flagged by 16 out of 95 VirusTotal security vendors, indicating widespread suspicion of malicious intent. It resolves to IP address 185.100.87.82 and utilizes a Let's Encrypt SSL certificate to enhance credibility. The domain was registered on February 23, 2026, through PDR Ltd. d/b/a PublicDomainRegistry.com, a registrar often exploited in bulk malicious registrations. Security blocklist provider SEAL has already blacklisted this domain, reinforcing its malicious classification. Despite its recent creation, the domain's low trust scores and high detection rate underscore its aggressive deployment in phishing campaigns.

To mitigate exposure to this threat, users should immediately cease interaction with trezorsafe7.io and verify all URLs against official Trezor domains. Security teams should block the domain at DNS and firewall levels, and inspect network traffic for connections to 185.100.87.82. Trezor users must be reminded to only access services via verified domains and enable multi-factor authentication on their accounts. Immediate reporting of any credential exposure to Trezor support is critical to prevent unauthorized access to cryptocurrency assets.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Trezor

## Domain Intelligence
- Registered: 2026-02-23 09:05:33
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 185.100.87.82

## Detection Status
- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/002056c1-7c3d-4097-b2f1-f7904dd6504f
- PhishDestroy: https://phishdestroy.io/domain/trezorsafe7.io/
- LLM endpoint: https://phishdestroy.io/domain/trezorsafe7.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trezorsafe7.io/
Last updated: 2026-04-14