# troz-io.pages.dev — SUSPICIOUS

> PhishDestroy identifies troz-io.pages.dev as a rogue page hosting a phishing template mimicking AI services. It has zero virus detections out of 95.

## Summary
Security teams have flagged the domain troz-io.pages.dev as an active phishing site impersonating AI-powered login interfaces. This domain, hosted on Cloudflare Pages (172.66.47.54), deploys HTTPS credentials via Google Trust Services to appear legitimate, tricking users into surrendering authentication tokens under the guise of an AI service login workflow. The template closely mirrors high-profile consumer AI platforms, leveraging dynamic subdomains to evade detection while harvesting credentials in real time.  

Analysis of troz-io.pages.dev confirms it poses a moderate-to-high risk based on current telemetry. The domain registered via Cloudflare, Inc. exhibits zero detections across 95 VirusTotal engines, suggesting a minimal footprint on automated scanning databases. Despite zero blocklist hits, the active SSL certificate (Google Trust Services) and resolved IP (172.66.47.54) are consistent with domains frequently repurposed for credential harvesting campaigns. While creation details remain obscured by Cloudflare’s privacy protections, the lack of signature coverage indicates this vector may be newly deployed or purposefully obfuscated to bypass legacy detection rules.  

If you accessed troz-io.pages.dev or entered any credentials, immediately rotate passwords for affected services and enable multi-factor authentication. Scan endpoints for unauthorized data exfiltration or persistence mechanisms, particularly in browser profiles or saved sessions. Report the domain to your security operations team and block the IP 172.66.47.54 at the network perimeter. Monitor for anomalous login attempts or AI service-related alerts within your environment.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.54

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b3316988-9f96-42c5-b113-841310664aaa
- PhishDestroy: https://phishdestroy.io/domain/troz-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/troz-io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/troz-io.pages.dev/
Last updated: 2026-03-25