# trzor-suite--iio.pages.dev — SUSPICIOUS

> trzor-suite--iio.pages.dev impersonates Trezor crypto wallet to steal credentials. 0/95 VirusTotal detections as of seed 64b281.

## Summary
PhishDestroy identifies trzor-suite--iio.pages.dev as a live phishing page that masquerades as the official Trezor hardware wallet. The site lures cryptocurrency users into entering their recovery phrases or private keys under the guise of a ‘suite update’. Once submitted, the credentials are harvested and sent to attacker-controlled servers, giving fraudsters full control over victims’ wallets and funds.  The domain was flagged by PhishDestroy under seed 64b281. VirusTotal currently shows 0 detections out of 95 engines, indicating it has evaded most antivirus scanners to date. It resolves to IP address 188.114.96.3 and is fronted by Cloudflare’s proxy service, while its SSL certificate is issued by Google Trust Services to appear legitimate. These tactics are typical of fast-flux phishing infrastructures that rapidly change hosting and routing to prolong uptime.  If you visited trzor-suite--iio.pages.dev, immediately disconnect from the internet and open your password manager or hardware wallet app to check for unauthorized transactions. Do not enter any seed phrases, private keys, or wallet passwords on this domain. Revoke any browser permissions granted to the page and run a full antivirus scan. Report the URL to PhishDestroy and your wallet provider to help block future campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6870b9cf-31d8-4a01-8b9a-f60ce5cee5f9
- PhishDestroy: https://phishdestroy.io/domain/trzor-suite--iio.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/trzor-suite--iio.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trzor-suite--iio.pages.dev/
Last updated: 2026-03-24