# trezortyostart.gitbook.io — MALICIOUS

> PhishDestroy identifies trezortyostart.gitbook.io as impersonating Trezor, with 19/95 VirusTotal detections.

## Summary

PhishDestroy identifies trezortyostart.gitbook.io as an active Trezor brand impersonation domain engaged in phishing operations. This domain directly mimics official Trezor branding and documentation to deceive cryptocurrency users into disclosing sensitive wallet credentials or downloading malicious software. Attackers leverage the GitBook platform's subdomain structure to appear legitimate while hosting fraudulent content that targets Trezor hardware wallet users. Users who interact with this domain risk financial loss through credential harvesting or cryptocurrency theft via fake recovery tools.

This domain was flagged by security researchers for its malicious impersonation of Trezor, and exhibits multiple red flags for fraudulent activity. VirusTotal analysis shows 19 out of 95 security vendors flagging this domain as malicious, while security blocklists have already incorporated this indicator. The domain was registered through Cloudflare, Inc, with the GitBook subdomain created on March 30, 2014, indicating long-term abuse potential. The hosting infrastructure resolves to IP address 172.64.147.209, which shows connections to previous phishing infrastructure. These technical indicators, combined with the domain's specific impersonation of Trezor's brand identity, create an elevated risk profile for cryptocurrency users seeking legitimate wallet support or documentation.

Users who have visited trezortyostart.gitbook.io should immediately assess whether they entered any cryptocurrency wallet credentials or recovery phrases. If any information was provided, transfer remaining funds to a new, secure wallet immediately. Revoke any API keys or permissions that may have been exposed. Clear browser cache and cookies, then perform a full antivirus scan. Report the incident to Trezor's official support channels and consider changing passwords for associated email accounts. For future protection, bookmark only official Trezor domains and verify any support links through the company's verified social media accounts or official website trezor.io. Using hardware wallet verification tools from legitimate sources remains critical to prevent falling victim to similar impersonation campaigns.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Trezor

## Domain Intelligence

- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc
- IP: 172.64.147.209

## Detection Status

- VirusTotal: 19 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  - Lists: ["OISD"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/f0e90412-b548-451a-b88a-f91e14fd73d7
- PhishDestroy: https://phishdestroy.io/domain/trezortyostart.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/trezortyostart.gitbook.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/trezortyostart.gitbook.io/

Last updated: 2026-03-21