# trezzor-eng-brdge.pages.dev — SUSPICIOUS

> trezzor-eng-brdge.pages.dev mimics Trezor Bridge in a phishing campaign, with 0/95 VirusTotal detections. Check the full report.

## Summary

PhishDestroy identifies trezzor-eng-brdge.pages.dev as a live phishing domain masquerading as the legitimate Trezor Bridge service, a tool used by cryptocurrency hardware wallet users to facilitate secure transactions. The threat type is a cryptocurrency drainer kit deployment, specifically targeting Trezor users with a spoofed interface designed to harvest private keys, seed phrases, and other sensitive wallet data. The domain uses a visually similar name ('trezzor' vs. 'trezor') and is hosted on Cloudflare Pages, using the pages.dev subdomain to appear innocuous while serving malicious content. No legitimate software distribution or security service operates from this domain, and the interface is falsified to prompt users for wallet credentials under the guise of a 'bridge' update or security verification.

This domain exhibits several technical indicators that warrant further inspection. VirusTotal currently reports a detection score of 0/95, meaning no vendor had flagged this domain as malicious at the time of analysis. The domain resolves to IP address 188.114.96.3, which is associated with Cloudflare’s infrastructure and is consistent with phishing pages hosted on Cloudflare Pages. The SSL certificate is issued by Google Trust Services; a valid certificate is common to both legitimate and malicious domains and avoids browser warnings about insecure connections. The domain was registered through Cloudflare, Inc., though the exact creation date is not publicly available due to Cloudflare’s privacy protections. Google Safe Browsing (GSB) has not yet blacklisted this domain, and the total number of blocklist entries remains at zero, reflecting its recent emergence in the threat landscape.
The absence of detections and blocklist entries suggests this campaign is either newly launched or employs evasion techniques to delay detection.

trezzor-eng-brdge.pages.dev is active and under threat investigation as of the latest forensic analysis. Security researchers should treat this domain with high suspicion due to its intent to deceive and its current lack of detection signatures. Immediate response actions include updating threat intelligence feeds to include this domain and blocking both the domain and IP address at the network perimeter (the IP address is Cloudflare infrastructure, as noted above). Users are advised to avoid interacting with this domain entirely, verify any Trezor-related updates directly through the official website (trezor.io), and use hardware wallet verification tools that do not rely on web interfaces. The remaining risk is elevated due to the domain’s low detection score and the high potential for credential harvesting among unsuspecting Trezor users. This campaign highlights the sophisticated nature of cryptocurrency phishing attacks, where threat actors exploit trust in well-known brands to rapidly deploy drainer kits before detection systems catch up.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/af9097bf-a792-4238-b055-98d18646785d
- PhishDestroy: https://phishdestroy.io/domain/trezzor-eng-brdge.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/trezzor-eng-brdge.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/trezzor-eng-brdge.pages.dev/

Last updated: 2026-04-12