# portal-trust-wallet-ext-nav.pages.dev — SUSPICIOUS > portal-trust-wallet-ext-nav.pages.dev impersonates Trust Wallet to steal crypto via a malicious browser extension. 1/95 VirusTotal engines detect this threat. ## Summary PhishDestroy identifies portal-trust-wallet-ext-nav.pages.dev as an active brand-impersonation domain targeting Trust Wallet users. The site masquerades as the official Trust Wallet extension navigation portal, luring victims into installing a malicious browser extension designed to drain cryptocurrency wallets. This domain is part of a growing trend where threat actors abuse Cloudflare Pages to host convincing fake portals that mimic legitimate crypto wallet interfaces, exploiting trust in well-known brands to bypass user skepticism. Threat analysis indicates the extension functions as a cryptocurrency drainer kit, capable of intercepting wallet connections and unauthorized fund transfers. This domain was flagged by PhishDestroy with the following technical indicators: VirusTotal detection score of 1/95 security vendors, Cloudflare, Inc. as the domain registrar via Cloudflare Pages, resolution to IP 172.66.46.243, and an SSL certificate issued by Google Trust Services. The domain leverages Cloudflare's infrastructure to enhance credibility and evade takedowns. As of the latest scan, this domain remains unlisted on major blocklists such as Google Safe Browsing (GSB), contributing to its elevated risk profile. The combination of low detection rates, reputable hosting, and brand impersonation creates a high-risk threat vector for cryptocurrency users. As of the current investigation, portal-trust-wallet-ext-nav.pages.dev remains active and poses an elevated risk to users seeking Trust Wallet extensions. PhishDestroy recommends immediate blocking of this domain and IP address at the network perimeter to prevent access. Users should verify any Trust Wallet-related downloads exclusively from the official trustwallet.com domain or trusted app stores. While mitigation efforts are ongoing, the remaining risk includes potential undetected infections from users who may have already accessed the site. Continuous monitoring and proactive user education on verifying browser extension sources are critical to reducing exposure to this and similar threats. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Trust Wallet ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.46.243 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/625f68ea-dc6e-4408-bd41-69cf7575b455 - PhishDestroy: https://phishdestroy.io/domain/portal-trust-wallet-ext-nav.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/portal-trust-wallet-ext-nav.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/portal-trust-wallet-ext-nav.pages.dev/ Last updated: 2026-03-23