# trezor-login-start-us-web-sso.typedream.app — MALICIOUS

> trezor-login-start-us-web-sso.typedream.app is a Trezor brand impersonation phishing domain flagged by 20/95 VirusTotal scanners.

## Summary

PhishDestroy identifies trezor-login-start-us-web-sso.typedream.app as an active Trezor brand impersonation domain designed to deceive users into surrendering cryptocurrency wallet credentials. The threat type is specifically brand impersonation, not generic phishing, as it directly mimics Trezor’s official login portal to exploit user trust in the brand. This attack vector is highly effective due to the trust users place in hardware wallet providers, creating an elevated risk of credential theft and financial loss.

This domain was flagged on VirusTotal with a score of 20 out of 95 security vendors, indicating partial detection but insufficient coverage to prevent widespread compromise. It resolves to IP address 188.114.97.3 and operates under the subdomain typedream.app, which is a known dynamic DNS service frequently abused by threat actors. The domain carries a Google Trust Services SSL certificate, a tactic commonly used to lend legitimacy to malicious sites. It has appeared on the OpenPhish blocklist and at least one other security blocklist, confirming its malicious reputation. This infrastructure pattern—combining dynamic hosting, trusted SSL certificates, and weak detection—is characteristic of agile phishing operations designed to evade static defenses.

Users should immediately avoid accessing this domain and verify any Trezor login links by navigating directly to trezor.io or using the official Trezor Suite application. Hardware wallet users are advised to enable two-factor authentication, bookmark official URLs, and inspect browser address bars for subtle misspellings or unusual domains. Security teams should blacklist this domain, IP address (188.114.97.3), and the typedream.app domain across all security controls. Implementing DNS filtering, email content inspection, and user security awareness training on brand impersonation risks are critical mitigations. Report this domain to Trezor’s abuse team and all relevant blocklists to protect the broader community from credential harvesting attacks.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Trezor

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 20 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["OpenPhish"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/147728ee-b407-4742-9363-81bba82e55de
- PhishDestroy: https://phishdestroy.io/domain/trezor-login-start-us-web-sso.typedream.app/
- LLM endpoint: https://phishdestroy.io/domain/trezor-login-start-us-web-sso.typedream.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/trezor-login-start-us-web-sso.typedream.app/

Last updated: 2026-04-12