# ultrabaserpc.xyz — SUSPICIOUS

> UltraBaseRPC.xyz has been flagged for advanced cryptocurrency phishing attacks. 0/95 VirusTotal detections so far. Check the full report.

## Summary
PhishDestroy identifies UltraBaseRPC.xyz as an active cryptocurrency phishing domain posing as a legitimate RPC endpoint provider.    This domain was flagged due to its involvement in a novel cryptocurrency phishing campaign. Current intelligence shows 0 detections out of 95 scanners on VirusTotal, indicating it has not yet been widely blacklisted despite its malicious activities. The domain is registered through Cosmotown Inc, resolves to IP 104.21.16.138, and was created on July 24, 2025. Notably, it holds an SSL certificate issued by Google Trust Services, which may be leveraged to appear more legitimate to potential victims.    The use of a recently created domain (July 24, 2025) combined with a trusted SSL certificate creates a deceptive appearance likely intended to trick cryptocurrency users into connecting their wallets or exposing private RPC credentials. Attackers often exploit newly registered domains with clean reputations to bypass early detection systems. The absence of detections (0/95) suggests this threat is still in its early stages, making it particularly dangerous for unaware users. To mitigate risk, users should avoid interacting with UltraBaseRPC.xyz entirely and verify all RPC endpoints through official project documentation. Cryptocurrency holders should also ensure their wallet software is updated to the latest version and use hardware wallets where possible to prevent unauthorized RPC connections.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-07-24 13:34:44
- Registrar: Cosmotown Inc
- IP: 104.21.16.138

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/43dcadfa-86a6-4f01-a138-41a8a6158fe0
- PhishDestroy: https://phishdestroy.io/domain/ultrabaserpc.xyz/
- LLM endpoint: https://phishdestroy.io/domain/ultrabaserpc.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ultrabaserpc.xyz/
Last updated: 2026-03-22