# trust-un-wlautg.gitbook.io — SUSPICIOUS

> Trust-un-wlautg.gitbook.io is a counterfeit United Nations credential harvesting page. Virustotal shows 0/95 detections. Check the full report.

## Summary
PhishDestroy identifies trust-un-wlautg.gitbook.io as an active phishing domain masquerading as the United Nations authentication portal. The page employs a drainer kit designed to harvest user credentials under the guise of a legitimate UN login form. The infrastructure is hosted on GitBook, leveraging the platform’s credibility to deceive victims. Initial analysis confirms the domain’s sole purpose is credential theft, with no benign or legitimate content detected during reconnaissance.


This domain was flagged with a generic phishing IOC and remains under active investigation. Technical indicators include a VirusTotal detection score of 0/95, registration through Cloudflare, Inc., resolution to IP 172.64.147.209, and a creation date of March 30, 2014. The domain utilizes a Google Trust Services SSL certificate, and the brand impersonated is the United Nations. Notably, the domain has not yet been flagged by Google Safe Browsing (GSB) or added to any major blocklists, indicating a low detection footprint.


As of this advisory, the domain status is active and the threat level is under investigation. Security teams are advised to block the domain at the network perimeter and monitor for outbound connections to 172.64.147.209. While the immediate risk remains low due to the absence of detections, the potential for widespread compromise exists given the domain’s age and legitimate appearance. Users are urged to verify URLs before entering credentials and report any interaction with this domain immediately.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc
- IP: 172.64.147.209

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5dfa0a58-87de-4d07-b6e6-7ffc2d12b285
- PhishDestroy: https://phishdestroy.io/domain/trust-un-wlautg.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/trust-un-wlautg.gitbook.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trust-un-wlautg.gitbook.io/
Last updated: 2026-03-23