# en-us-trzeo-iosrt.pages.dev — SUSPICIOUS

> en-us-trzeo-iosrt.pages.dev phishes iOS users with Google Trust SSL via Cloudflare. See why 0/95 VirusTotal missed it. Check the full report.

## Summary
PhishDestroy identifies en-us-trzeo-iosrt.pages.dev as an active Google Trust-themed phishing site specifically targeting Apple iOS users. The domain resolves to IP 188.114.97.3 through Cloudflare and relies on a Google Trust Services SSL certificate to masquerade as legitimate, exploiting user trust in well-known brands. Analysis shows zero detections on VirusTotal (0/95 engines), highlighting how static scanners often miss sophisticated browser-based scams that rely on lookalike interfaces and real-time content delivery. This domain was flagged while impersonating Apple's software update portals, a tactic commonly used to harvest Apple ID credentials or deploy malware under the guise of security alerts.


Registered infrastructure indicates this domain was provisioned through Cloudflare, Inc., leveraging their edge network to evade hosting-level takedowns and persist with minimal downtime. While the SSL certificate issuance through Google Trust Services adds to its authenticity, the certificate itself is valid only for the phishing domain, not Apple’s official services. Current threat intelligence shows this site remains active with no active blocklist entries as of the latest scan, allowing it to operate unchallenged in phishing feeds. The use of Cloudflare’s proxy also conceals the true origin and operator, complicating attribution and takedown efforts.


Users who visited en-us-trzeo-iosrt.pages.dev should immediately check for unauthorized Apple ID logins, revoke suspicious sessions, and scan devices for malware using trusted antivirus tools. If you entered credentials, change your Apple ID password immediately and enable two-factor authentication. Avoid clicking on unexpected update prompts or links claiming to be from Apple—always navigate directly to apple.com via a verified browser session. Report any interactions with this domain to your security team or via PhishDestroy’s submission portal using seed fcea39 for tracked analysis.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/en-us-trzeo-iosrt.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/en-us-trzeo-iosrt.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-us-trzeo-iosrt.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en-us-trzeo-iosrt.pages.dev/
Last updated: 2026-04-08