# serviceplatform.ghost.io — SUSPICIOUS

> serviceplatform.ghost.io poses a medium threat by impersonating Trezor. Users should verify site authenticity to protect their credentials and assets.

## Summary
PhishDestroy identifies serviceplatform.ghost.io as a medium-risk phishing domain involved in brand impersonation targeting Trezor users. The domain is active and attempts to deceive users by mimicking official Trezor branding and page titles.

Evidence shows the domain resolves to an IPv6 address (2a04:4e42:200::775) and is registered through 1API GmbH since 2011. VirusTotal flags it by a minority of security vendors, and it appears on one security blocklist. The domain’s use of the Ghost.io platform for hosting indicates the leveraging of legitimate infrastructure for malicious intent.

Users are advised to avoid entering personal or security information on this domain and confirm the authenticity of Trezor-related websites by visiting official sources. Organizations should monitor related phishing activity, update blocklists accordingly, and educate users on recognizing brand impersonation attempts to reduce exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP 402)
- Target brand: Trezor
- Page title: Trézor Suite® | Getting Started | TreZor® (Official)

## Domain Intelligence
- Registered: 2011-10-01 00:00:00
- Expires: 2028-10-01 00:00:00
- Registrar: 1API GmbH
- Country: Germany
- IP: 2a04:4e42:200::775
- Nameservers: sara.ns.cloudflare.com woz.ns.cloudflare.com

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["Chong Lua Dao", "Webroot", "alphaMountain.ai"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Live Page Content

### Page Text
Site unavailable What is Ghost? Site unavailable. If you're the owner, email us on support@ghost.org

### External Links
- https://ghost.org/

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b75c2-ee05-7605-afc4-c6e6fb4b9561.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/b51e7e4c-376f-462f-ac86-585aea445985
- PhishDestroy: https://phishdestroy.io/domain/serviceplatform.ghost.io/

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/serviceplatform.ghost.io/
Last updated: 2026-03-14