# trezorft.gitbook.io — MALICIOUS

> Discover why trezorft.gitbook.io is flagged for high-risk Trezor impersonation. Learn what this means and how to stay protected.

## Summary
PhishDestroy identifies trezorft.gitbook.io as a high-risk brand impersonation domain targeting Trezor users. Brand impersonation attacks are dangerous because they deceive victims into trusting fraudulent sites, potentially leading to credential theft or loss of cryptocurrency assets.

This domain was registered on March 30, 2014, and resolved to IP address 104.18.40.47. It was registered through Cloudflare, Inc. and showed malicious intent by appearing on one security blocklist. VirusTotal flags 16 out of 95 security vendors for this domain. Currently, the domain is offline, which may limit its immediate threat but does not rule out future activity.

Users are advised to avoid interacting with trezorft.gitbook.io. Always verify URLs directly from official brand channels and use hardware wallet sites with caution. If you have visited this domain recently, consider scanning devices for malware and changing any credentials that may have been exposed. Staying vigilant helps prevent falling victim to such sophisticated phishing attempts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Trezor

## Domain Intelligence
- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 104.18.40.47
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: dahlia.ns.cloudflare.com hugh.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "DNS8", "Emsisoft", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "OpenPhish", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ccd44-9674-728e-92db-22161b8204db.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/5c86bf4f-9964-4a82-83d7-f004554ca6f7
- Wayback Machine: https://web.archive.org/web/https://trezorft.gitbook.io
- PhishDestroy: https://phishdestroy.io/domain/trezorft.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/trezorft.gitbook.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trezorft.gitbook.io/
Last updated: 2026-03-19