# tsruxtwallct.gitbook.io — SUSPICIOUS

> Warning: tsruxtwallct.gitbook.io impersonates a crypto drainer via a fake login portal. Verify safety on PhishDestroy. VT shows 0/95 detections.

## Summary

PhishDestroy identifies tsruxtwallct.gitbook.io as an active crypto drainer phishing domain under investigation. This domain is designed to trick users into connecting cryptocurrency wallets and drain funds under the guise of legitimate login or transaction pages. The threat type is specifically categorized as a crypto drainer, which lures victims through deceptive interfaces mimicking trusted platforms.

This domain was flagged with a risk level of under_investigation and exhibits several technical indicators of malicious intent. VirusTotal analysis returned 0 detections out of 95 engines, indicating it remains undetected by current antivirus signatures. The domain was registered through Cloudflare, Inc on March 30, 2014, resolving to IP address 172.64.147.209. It holds an SSL certificate issued by Google Trust Services, which may falsely suggest legitimacy. Despite these attributes, the absence of blocklist entries and low trust scores from threat intelligence platforms align with the behavior of emerging phishing infrastructure targeting cryptocurrency users.

Mitigation for this crypto drainer phishing domain involves immediate avoidance of any interaction with tsruxtwallct.gitbook.io or its associated links. Users who suspect exposure should disconnect wallets, revoke any suspicious permissions, and scan systems for malware. Always verify URLs through PhishDestroy’s database before entering credentials or connecting wallets. Report any encounters with this domain to PhishDestroy for further analysis. Exercise caution with shortened URLs or domains hosted on GitBook that facilitate crypto transactions.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
## Domain Intelligence

- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc
- IP: 172.64.147.209

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/edeced6b-72cb-4e1b-a092-3190d0b8e288
- PhishDestroy: https://phishdestroy.io/domain/tsruxtwallct.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/tsruxtwallct.gitbook.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/tsruxtwallct.gitbook.io/

Last updated: 2026-03-23