
Truist phishing & impersonation
Bankingtruist.com
1
Impersonation sightings
1
Distinct hosts
2026-07-01
Last detected
1
Official domains
ScanMalware watches every scanned site for signs it is impersonating Truist — the brand name in the page title or screenshot text, the brand's logo/favicon on a non-official host, and lookalike domains. A match on a host outside Truist's official domains is recorded below.
Official domains
truist.com
Also known as
truist bankbb&tsuntrust
Detected impersonation sites
| Host | Title | Detected by | Verdict | Date | |
|---|---|---|---|---|---|
| blob:https://pub-3261d955f2e340558a0b359b22482c70.r2.dev/ebb88579-e0f1-4bc1-a2f8-4e7d3613c26c | Truist Online Banking Login | Truist | Page text | {"verdict": "Medium Risk", "confidence": 37, "risk level": "medium", "risk factors": ["Suspicious URL Patterns", "Brand Impersonation (Truist)", "Blob URL Detected"], "overall score": 37, "recommendations": ["⚡ Exercise caution when visiting this website", "🛡️ Ensure your browser and antivirus are up to date"], "detailed analysis": {"html forms": {"score": 10, "issues": ["⚠️ CRITICAL: Brand impersonation detected - Truist branding on non-official domain ()"], "password fields": 2, "impersonated brand": "Truist", "brand mismatch detected": true, "impersonated brand slug": "truist", "disguised password fields": 0, "brand impersonation detected": true}, "url analysis": {"score": 0, "issues": ["⚠️ CRITICAL: Blob URL detected as final destination (common phishing technique)"], "positive signals": [], "suspicious patterns": ["Blob URL used to hide phishing content", "Encoded URL/query string embedded in path"]}, "safe browsing": {"score": 100, "issues": [], "threats": [], "positive signals": ["No Google Safe Browsing threats detected"]}, "clone detection": {"score": 100, "issues": [], "warnings": [], "positive signals": ["No visual similarity to known brand sites"]}, "rpki validation": {"total": 1, "total risk": 0, "valid count": 1, "invalid count": 0, "not found count": 0}, "network security": {"score": 65, "issues": [], "mixed content": false, "secure requests": 2, "security headers": {"detected": true}, "insecure requests": 0, "certificate issues": []}, "phishing signals": {"score": 100, "issues": [], "details": {"matched brand": null, "signals detected": [], "is legitimate domain": false}, "warnings": []}, "technology risks": {"score": 50, "issues": [], "security technologies": [], "vulnerable technologies": []}, "redirect analysis": {"score": 15, "issues": ["Blob URL detected in redirect chain"], "total redirects": 2, "blob url detected": true, "protocol downgrades": 0, "suspicious patterns": 1, "cross domain redirects": 1, "compromised wordpress detected": false}}, "threat categories": [], "security indicators": {"negative": ["⚠️ CRITICAL: Blob URL detected as final destination (common phishing technique)", "Blob URL detected in redirect chain", "⚠️ CRITICAL: Brand impersonation detected - Truist branding on non-official domain ()"], "positive": ["Server IPs have valid RPKI ROA coverage", "Good network security practices", "No Google Safe Browsing threats detected", "No visual similarity to known brand sites"], "warnings": []}} | 2026-07-01 | View scan → |