# trzudib.ndia2.workers.dev — SUSPICIOUS

> PhishDestroy identifies trzudib.ndia2.workers.dev as a credential harvesting domain with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies the domain trzudib.ndia2.workers.dev as an active credential harvesting phishing page, currently under investigation with a risk level of 'under_investigation'. The threat involves fraudulent impersonation of a legitimate service, though the specific brand or entity has not been disclosed in available intelligence. This domain is actively distributing malicious content designed to steal user credentials, posing a direct risk to unsuspecting visitors.  This domain was flagged by 0 of 95 VirusTotal vendors, indicating it remains undetected by most antivirus engines as of the latest scan. Registered through Cloudflare, Inc., the domain resolves to IP address 188.114.97.3 and operates under a Google Trust Services SSL certificate. While the creation date is not explicitly provided in the intelligence, the absence of detections suggests it is a recently deployed or stealthily operated phishing infrastructure. The lack of blocklist entries and neutral trust scores further complicate early detection efforts, increasing the potential for successful exploitation.  Current status of this domain remains active, with no confirmed takedown actions recorded. Users and organizations are advised to block access to trzudib.ndia2.workers.dev at the network level to prevent accidental exposure. Additionally, security teams should monitor for related domains or infrastructure sharing the same IP or registrar, as threat actors often reuse resources in quick succession. Immediate reporting to relevant cybersecurity authorities (e.g., CERT, FBI IC3) is recommended to aid in global takedown efforts. Regularly updated threat intelligence feeds should be consulted to track the evolving status of this domain.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d4710027-c2fb-4370-92a1-609e42ed1f06
- PhishDestroy: https://phishdestroy.io/domain/trzudib.ndia2.workers.dev/
- LLM endpoint: https://phishdestroy.io/domain/trzudib.ndia2.workers.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trzudib.ndia2.workers.dev/
Last updated: 2026-03-30