# trustwallet-rpcsync.pages.dev — MALICIOUS > PhishDestroy identifies trustwallet-rpcsync.pages.dev as an active brand impersonation phishing site mimicking Trust Wallet. VirusTotal score 13/95. ## Summary PhishDestroy identifies trustwallet-rpcsync.pages.dev as an active brand impersonation campaign targeting Trust Wallet users. This domain uses a deceptive URL structure designed to mimic Trust Wallet’s official domains, deceiving users into entering sensitive wallet credentials. The infrastructure suggests a coordinated phishing operation leveraging Cloudflare Pages for hosting and Google Trust Services for SSL validation, likely to bypass traditional browser warnings. No drainer kit artifacts (e.g., Etherscan-linked contracts or clipboard hijackers) were detected in open-source feeds at time of analysis, indicating a credential harvesting focus. This domain was flagged by 13 out of 95 VirusTotal security vendors, with a VT community score of 60% malicious. Registered through Cloudflare, Inc., it resolves to IP 188.114.97.3 and is protected by a Google Trust Services SSL certificate. The domain was created recently and is not currently flagged by Google Safe Browsing. It has been identified on one public blocklist, indicating emerging but not yet widespread threat status. This domain remains active and poses an elevated risk to cryptocurrency users. Trust Wallet’s official domains (e.g., trustwallet.com) and verified channels should be used for all interactions. Users are advised to verify all URLs via official Trust Wallet channels before entering credentials. Wallet providers and security teams are urged to block 188.114.97.3 and monitor for associated certificate reuse. Residual risk remains moderate due to domain’s Cloudflare-backed evasion tactics and SSL legitimacy, requiring continued vigilance and proactive network-level blocking. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Trust Wallet ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 13 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/f4f6dd9b-4185-403e-89d8-5375d4e3a65b - PhishDestroy: https://phishdestroy.io/domain/trustwallet-rpcsync.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/trustwallet-rpcsync.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/trustwallet-rpcsync.pages.dev/ Last updated: 2026-03-23