# blockscn.app — SUSPICIOUS

> blockscn.app is a confirmed crypto drainer impersonating a blockchain service. This domain, active since March 2026, has been flagged by 2/95 security vendors.

## Summary
PhishDestroy identifies blockscn.app as an active crypto-draining phishing domain posing as a legitimate blockchain service. The domain leverages a generic phishing kit designed to deceive users into connecting crypto wallets and authorizing fraudulent transactions. While no specific brand impersonation has been confirmed in available telemetry, the infrastructure and recent creation date suggest opportunistic targeting of cryptocurrency users.

Technical analysis reveals several high-risk indicators. The domain resolves to IP 104.21.90.73 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. It was created on March 18, 2026, and currently holds a VirusTotal detection rate of 2 out of 95 security vendors. The SSL certificate is issued by Let's Encrypt, providing a false sense of legitimacy. As of this advisory, the domain remains unlisted on major blocklists such as Google Safe Browsing.

This domain remains active and poses an elevated risk to cryptocurrency users. Immediate containment actions include DNS sinkholing and network-level blocking where feasible. Users are strongly advised to avoid interaction with blockscn.app and verify any blockchain-related links through PhishDestroy’s real-time scanning tool. While the current blocklist footprint is minimal, the combination of recent registration, low VT coverage, and cryptocurrency targeting elevates the potential for widespread abuse. Proactive threat hunting and user awareness campaigns are recommended to mitigate exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-18 11:03:54
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.90.73

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/189a960a-899f-4858-8ebe-377067054e98
- PhishDestroy: https://phishdestroy.io/domain/blockscn.app/
- LLM endpoint: https://phishdestroy.io/domain/blockscn.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/blockscn.app/
Last updated: 2026-03-23