# connect-trust--app.gitbook.io — SUSPICIOUS

> connect-trust--app.gitbook.io is a suspected crypto drainer impersonating Trust Wallet. VirusTotal shows 0/95 detections as of seed f09d4a.

## Summary
PhishDestroy identifies connect-trust--app.gitbook.io as an active crypto drainer impersonating Trust Wallet. This GitBook-hosted domain leverages deceptive branding to trick users into connecting wallets and draining funds. The page mimics Trust Wallet’s interface and prompts users to link their wallets for fraudulent ‘rewards’ or ‘security updates,’ a common tactic in cryptocurrency credential theft campaigns. No specific drainer kit (e.g., MetaMask Snaps, WalletConnect payloads) has been publicly documented yet, but the infrastructure and lures align with known crypto drainer operations.  This domain was flagged with 0/95 detections on VirusTotal as of seed f09d4a. It is registered through Cloudflare, Inc., resolves to IP 172.64.147.209, and holds a Google Trust Services SSL certificate. The domain was created on March 30, 2014, and has not been flagged by Google Safe Browsing (GSB) or other major blocklists. The low detection rate and clean history suggest recent compromise or rapid evasion tactics.  The investigation remains active with under-investigation status. Users are advised to block the domain at DNS/network level, report the page to Trust Wallet’s abuse channels, and avoid interacting with any Trust Wallet-branded links from untrusted sources. Remaining risk is moderate due to low detection and potential for rapid propagation. Organizations should monitor for similar impersonation domains and update DNS blocklists accordingly.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc
- IP: 172.64.147.209

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/99e7ab85-7f58-4b27-96c2-d615ece40867
- PhishDestroy: https://phishdestroy.io/domain/connect-trust--app.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/connect-trust--app.gitbook.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/connect-trust--app.gitbook.io/
Last updated: 2026-03-23