# trzor-siutt.pages.dev — SUSPICIOUS > PhishDestroy identifies trzor-siutt.pages.dev hosting a fake Trezor Wallet phishing page. Only 0 of 95 VirusTotal vendors flagged it yet. Check the full report. ## Summary PhishDestroy identifies the domain trzor-siutt.pages.dev as hosting a targeted phishing campaign designed to impersonate the official Trezor Wallet, a leading hardware cryptocurrency wallet provider. The campaign is currently active and under active investigation by threat intelligence teams. The threat involves deceptive web pages that replicate Trezor’s branding to trick users into entering their recovery phrases or login credentials, thereby enabling attackers to steal cryptocurrency assets. This specific campaign uses a misleading domain that leverages the '.pages.dev' subdomain under Cloudflare Pages to host phishing content, creating a false sense of legitimacy through association with a known service provider. The risk level is currently marked as 'under_investigation' due to limited vendor detection at this time, but early indicators suggest a growing threat to cryptocurrency users. This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating it has not yet been widely recognized as malicious despite its active phishing operation. It is registered through Cloudflare, Inc., resolving to the IP address 188.114.97.3. The SSL certificate is issued by Google Trust Services, which may contribute to a temporary trust signal for unsuspecting users. While the exact creation date of the domain is not available in the provided data, the absence of detections on VirusTotal suggests a relatively new or stealthily deployed campaign. The lack of blocklist entries further emphasizes the need for proactive monitoring and user education to prevent potential compromise. Trust scores remain unverified at this stage, pending broader detection and analysis. The current status of this phishing campaign is active, with no immediate signs of takedown or mitigation. Given the high-risk nature of cryptocurrency theft and the sophistication of this impersonation, users are strongly advised to verify any URL claiming to be Trezor Wallet by cross-referencing the official domain trezor.io and enabling two-factor authentication (2FA) and passphrase protection on their devices. Additionally, this domain should be blocked at the network level using firewall rules or DNS sinkholing to prevent access from organizational or personal networks. Users who suspect interaction with this phishing page should immediately revoke any exposed credentials, transfer assets to a secure wallet, and report the incident to Trezor support and relevant cybersecurity authorities. Immediate action is critical to mitigate potential financial loss. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/4b07cf45-92ed-4885-9536-def7b4a2f3f8 - PhishDestroy: https://phishdestroy.io/domain/trzor-siutt.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/trzor-siutt.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/trzor-siutt.pages.dev/ Last updated: 2026-03-24