# trustydrugsstore.com — MALICIOUS > trustydrugsstore.com is a counterfeit pharmacy phishing site flagged by 9 of 95 VirusTotal vendors. Avoid this domain to prevent exposure to fake prescription. ## Summary PhishDestroy identifies trustydrugsstore.com as an active counterfeit pharmacy phishing domain posing elevated risk to end users. This domain is not affiliated with any legitimate pharmaceutical retailer and is designed to deceive victims into purchasing counterfeit or unsafe medications while harvesting sensitive financial and personal data. The threat actor behind this infrastructure has established a rapidly deployed domain with clear malicious intent, as evidenced by its recent creation and immediate detection by multiple security vendors. This domain resolves to IP address 141.98.11.218 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on April 07, 2025. According to VirusTotal analysis, 9 out of 95 security vendors have flagged this domain as malicious, indicating significant but not universal detection coverage at this time. The domain utilizes a Let's Encrypt SSL certificate to establish false trustworthiness, a common tactic among phishing operators to appear legitimate. The recent registration date (April 7, 2025) suggests this is a newly established campaign with potentially limited historical data available for analysis. As of the latest assessment, trustydrugsstore.com remains active and represents an elevated threat to users seeking pharmaceutical products online. The domain's use of NICENIC INTERNATIONAL GROUP CO., LIMITED as registrar and its hosting on IP 141.98.11.218 should be treated as indicators of compromise. Organizations and individuals are strongly advised to block this domain at the network perimeter and DNS level immediately. Users who may have accessed this domain should scan their devices for potential malware infections and review financial transactions for unauthorized activity. Security teams should monitor for connections to this IP address and consider it a high-confidence threat indicator. The Let's Encrypt certificate should not be considered a trust signal given the domain's malicious categorization. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-04-07 11:09:02 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 141.98.11.218 ## Detection Status - VirusTotal: 9 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/3e4ae675-ade0-4733-bd43-7622a5324404 - PhishDestroy: https://phishdestroy.io/domain/trustydrugsstore.com/ - LLM endpoint: https://phishdestroy.io/domain/trustydrugsstore.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/trustydrugsstore.com/ Last updated: 2026-03-27