# io-en-us-trustwallet.pages.dev — SUSPICIOUS > io-en-us-trustwallet.pages.dev impersonates Trust Wallet as a crypto drainer. VirusTotal shows 0/95 detections. Do not interact. ## Summary PhishDestroy identifies io-en-us-trustwallet.pages.dev as an active brand impersonation domain targeting Trust Wallet users. This site is currently under investigation for attempting to deceive victims into connecting malicious cryptocurrency wallets or divulging sensitive credentials under the guise of official Trust Wallet branding. Users should treat this domain with extreme caution and avoid any interaction to prevent potential asset loss. This domain was flagged with a VirusTotal detection rate of 0 detections out of 95 scanners as of the latest analysis, indicating it has evaded most antivirus engines at this time. The domain is registered through Cloudflare, Inc., resolving to IP address 188.114.96.3, and holds an SSL certificate issued by Google Trust Services. The Cloudflare Pages subdomain structure and Google-issued certificate are commonly abused by threat actors to lend false legitimacy to phishing infrastructure. No current blocklist entries were detected during passive DNS checks, further highlighting its recent activation and stealthy deployment. This threat specifically aligns with brand impersonation tactics used by crypto drainer campaigns, where attackers mimic legitimate wallet or exchange interfaces to trick users into connecting fraudulent wallets that drain funds via smart contract approvals or direct transfers. Given the absence of detection on VirusTotal and the use of reputable infrastructure (Cloudflare, Google Trust Services), the risk of successful compromise is elevated. Immediate mitigation includes blocking the domain at the network and DNS levels, revoking any previously granted wallet permissions, and educating users to verify domain spelling and use official Trust Wallet applications or websites. Additionally, users should monitor connected wallets for unauthorized transactions and consider revoking suspicious smart contract approvals via tools such as Etherscan’s approval checker or wallet-native revoke features. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Trust Wallet ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/57a5fed0-fea2-415b-920f-321b1cac18df - PhishDestroy: https://phishdestroy.io/domain/io-en-us-trustwallet.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/io-en-us-trustwallet.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/io-en-us-trustwallet.pages.dev/ Last updated: 2026-03-26