# i.gettrustpayment.live — SUSPICIOUS

> Warning: i.gettrustpayment.live is a crypto drainer impersonating Trust Payment. Scan this domain on PhishDestroy to verify its legitimacy and protect your.

## Summary

PhishDestroy identifies the domain i.gettrustpayment.live as a generic phishing site currently under investigation for hosting a cryptocurrency drainer kit. The domain is engineered to impersonate legitimate payment processing services, specifically mimicking Trust Payment to deceive users into connecting their crypto wallets. This type of attack is designed to siphon cryptocurrency funds directly upon wallet connection, leveraging social engineering tactics that exploit trust in well-known payment processors. The infrastructure appears to be freshly provisioned, likely targeting unsuspecting users in a rapid, opportunistic campaign.

This domain resolves to IP address 185.246.190.216 and is protected by a Let's Encrypt SSL certificate, which may be used to lend an appearance of legitimacy. VirusTotal currently reports 0 detections out of 95 analysis engines, indicating that traditional antivirus signatures have not yet flagged this domain. The domain is registered through a privacy-protected registrar, obscuring ownership details, and was created recently (exact date not specified in available data). Google Safe Browsing (GSB) status is currently unlisted, and the domain has not been added to any major public blocklists as of this report. These factors suggest the threat actor is operating with low visibility, likely to avoid early detection while the campaign gains traction.

The domain remains active and is classified as a generic phishing threat pending further forensic analysis. PhishDestroy has flagged this domain for immediate scrutiny due to its high-risk potential, particularly for users in the cryptocurrency ecosystem. Security teams are advised to monitor this domain for changes in infrastructure or threat behavior. Users are strongly encouraged to verify the legitimacy of any payment-related domains via PhishDestroy before engaging, as this domain is not yet widely blocked and may evade traditional security measures. The remaining risk is assessed as moderate to high, given the domain's active status, lack of detections, and the prevalence of crypto drainer campaigns targeting payment processors.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 185.246.190.216

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/i.gettrustpayment.live
- PhishDestroy: https://phishdestroy.io/domain/i.gettrustpayment.live/
- LLM endpoint: https://phishdestroy.io/domain/i.gettrustpayment.live/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/i.gettrustpayment.live/

Last updated: 2026-04-04