# logen-trezor-hub.pages.dev — MALICIOUS

> logen-trezor-hub.pages.dev is a phishing domain mimicking Trezor. Stay vigilant and avoid interaction. Learn more on PhishDestroy.

## Summary
PhishDestroy classifies logen-trezor-hub.pages.dev as a high-risk phishing domain engaging in brand impersonation targeting Trezor. This classification is due to its clear intent to deceive users by mimicking a trusted cryptocurrency hardware wallet brand to potentially steal sensitive information or credentials.

This malicious domain was registered recently on February 21, 2026, through Cloudflare, Inc., and resolved to the IP address 172.66.47.121. It appears on at least one security blocklist and was flagged by 14 out of 95 VirusTotal security vendors, reinforcing its malicious nature. The page title identified as “Suspected phishing site | Cloudflare” further corroborates the analysis. The domain's structure and naming convention are designed to confuse users into believing it is affiliated with the legitimate Trezor brand.

Currently, the domain has been taken offline, mitigating immediate risks. Users are advised to refrain from visiting or interacting with any pages under this domain. Organizations should update their threat intelligence and block this domain in their security controls. Continued vigilance against similar brand impersonation threats is essential to protect users from credential theft and financial fraud.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Trezor
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.121
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["desiree.ns.cloudflare.com", "chase.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a3206-b198-752b-8820-27bfe2d72eba.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/0ba9d119-f0ee-485d-a042-5b8a8cf03f14
- PhishDestroy: https://phishdestroy.io/domain/logen-trezor-hub.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/logen-trezor-hub.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/logen-trezor-hub.pages.dev/
Last updated: 2026-03-19