# trezriiuoretiorsrt.gitbook.io — MALICIOUS

> trezriiuoretiorsrt.gitbook.io impersonated Trezor in a high-risk scam. Learn why this domain is flagged and currently offline for your safety.

## Summary
PhishDestroy identifies trezriiuoretiorsrt.gitbook.io as a high-risk domain engaged in brand impersonation targeting Trezor. This domain posed a significant threat by mimicking the legitimate Trezor brand to deceive users, potentially leading to credential theft or fraud.

The domain was registered through Cloudflare, Inc. on March 30, 2014, and resolved to IP 104.18.40.47. It displayed a page titled "Trezor.io/Start | us," closely resembling the official Trezor site. Security intelligence confirms it appeared on one security blocklist and was flagged by 17 out of 95 VirusTotal vendors, underscoring its malicious intent and infrastructure used for phishing.

Currently, trezriiuoretiorsrt.gitbook.io is offline, mitigating further risk. Users and organizations are advised to remain vigilant against similar brand impersonation attempts. Blocking this domain and monitoring related threats can help prevent credential compromise and protect sensitive information.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Trezor
- Page title: Trezor.io/Start | us

## Domain Intelligence
- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 104.18.40.47
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: dahlia.ns.cloudflare.com hugh.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "DNS8", "Emsisoft", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "OpenPhish", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ccaf5-e588-76bb-944b-cbd9ef93b337.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3ffe144b-2d28-4efd-95d4-9c342e7b135f
- Wayback Machine: https://web.archive.org/web/https://trezriiuoretiorsrt.gitbook.io
- PhishDestroy: https://phishdestroy.io/domain/trezriiuoretiorsrt.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/trezriiuoretiorsrt.gitbook.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trezriiuoretiorsrt.gitbook.io/
Last updated: 2026-03-19