# trezuur-login.pages.dev — MALICIOUS

> trezuur-login.pages.dev is a credential theft domain flagged by 9 of 95 VirusTotal vendors. This Cloudflare-hosted site impersonates a financial brand to steal.

## Summary
PhishDestroy identifies trezuur-login.pages.dev as an active credential theft domain leveraging brand impersonation to harvest user credentials. The domain is currently operational and poses an elevated risk to unsuspecting users. This investigation confirms the threat actor's use of deceptive login pages to capture sensitive authentication data, which may lead to unauthorized access and financial loss.


This domain was flagged by 9 of 95 VirusTotal security vendors, indicating widespread suspicion among threat intelligence platforms. The domain is registered through Cloudflare, Inc., resolves to IP address 188.114.97.3, and holds a Google Trust Services SSL certificate, which may enhance its perceived legitimacy. Additional technical indicators include its deployment on Cloudflare Pages, a platform often abused for phishing due to its free hosting and rapid deployment capabilities. The domain's recent creation and low trust scores further suggest malicious intent, with no established reputation in legitimate ecosystems.


The domain remains active and should be treated as a high-risk threat. Immediate action is required to block trezuur-login.pages.dev at the network perimeter, email gateways, and endpoint security solutions. Users should be warned against interacting with this domain and any associated login prompts. Organizations are advised to update blocklists, monitor for credential leaks, and conduct security awareness training to mitigate the risk of credential theft. Further, investigate any potential compromise of credentials submitted to this domain to prevent downstream attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/trezuur-login.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/trezuur-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/trezuur-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trezuur-login.pages.dev/
Last updated: 2026-04-02