# trezrr-suite-en.pages.dev — SUSPICIOUS > PhishDestroy identifies trezrr-suite-en.pages.dev as a fraudulent Trezor wallet phishing page. 1 vendor flags it. Check the full report. ## Summary PhishDestroy identifies trezrr-suite-en.pages.dev as a malicious domain hosting a counterfeit Trezor Suite interface designed to harvest wallet recovery phrases and private keys. This phishing infrastructure mimics the legitimate Trezor hardware wallet ecosystem in order to deceive cryptocurrency users into surrendering their seed phrases under the guise of an urgent software update or account verification. The domain is currently active and engaged in active credential and asset theft operations targeting Trezor device owners. Threat actors are leveraging the Cloudflare Pages platform to host spoofed web applications that closely replicate the official Trezor Suite interface, including branding, UI elements, and domain naming conventions. The operation is ongoing as of seed 45a435 and represents an elevated risk to users who may inadvertently input their recovery phrases into the fraudulent interface. This domain has been flagged by 1 of 95 VirusTotal vendors and is hosted on Cloudflare’s infrastructure with a Google Trust Services SSL certificate resolving to 172.66.44.75. The domain was registered through Cloudflare, Inc., with no publicly visible creation date due to Cloudflare’s privacy protections. While specific blocklist participation is low (1/95 vendors), the presence of a valid SSL certificate from a trusted issuer increases the likelihood of successful deception, as users are more inclined to trust HTTPS-enabled domains. The associated IP address, 172.66.44.75, is part of Cloudflare’s Anycast network and has been observed hosting multiple fraudulent cryptocurrency service impersonations. Despite limited vendor detection, the domain’s behavioral pattern—including UI replication and active phishing delivery—strongly indicates malicious intent aligned with cryptocurrency theft campaigns. The current status of trezrr-suite-en.pages.dev is active and under active phishing operations targeting Trezor users. PhishDestroy recommends blocking this domain at the network and DNS levels to prevent access. Users should verify all cryptocurrency-related websites through official Trezor channels (trezor.io or suite.trezor.com) and never input recovery phrases or private keys into third-party interfaces. Enable multi-factor authentication on Trezor devices and wallets, use hardware wallet verification for transactions, and report any suspected phishing to Trezor’s official support channels. Additionally, network administrators should add 172.66.44.75 to blocklists and monitor DNS queries for this domain to prevent internal exposure. Always cross-check wallet software using cryptographic hashes published on official Trezor repositories. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.75 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/73438786-2170-4956-b133-93e8dc8e89df - PhishDestroy: https://phishdestroy.io/domain/trezrr-suite-en.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/trezrr-suite-en.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/trezrr-suite-en.pages.dev/ Last updated: 2026-03-22