# tfq06s.top — SUSPICIOUS > PhishDestroy flags tfq06s.top as a crypto drainer posing as a credential harvester. VirusTotal score 0/95 detections. Verify now on PhishDestroy. ## Summary PhishDestroy identifies tfq06s.top as a credential-harvesting domain engineered to steal login details under the guise of a legitimate service. The domain mimics the appearance of a trusted platform to deceive users into entering sensitive credentials, which are then exfiltrated to attacker-controlled servers. Based on behavioral analysis, this domain operates as a generic phishing toolkit, likely deployed in mass campaigns targeting cryptocurrency users under the pretext of account verification, wallet access, or transaction approvals. Security researchers have noted the site employs low-cost infrastructure and rapid domain turnover to evade detection, making it a persistent threat in the threat landscape. This domain was flagged by PhishDestroy with high confidence due to multiple red flags confirmed on March 20, 2026. The domain tfq06s.top was registered through Gname.com Pte. Ltd., a registrar frequently abused in bulk phishing operations. It resolves to IP address 188.114.96.3, a known anonymization service commonly used to host malicious payloads. Critically, VirusTotal reports 0 out of 95 detection engines flagged this domain at the time of analysis, indicating it remains under the radar of many automated scanners. Furthermore, Google Safe Browsing has classified it under the SOCIAL_ENGINEERING category, confirming its malicious intent. The domain is highly recent—created on March 20, 2026—suggesting a quick-turn campaign designed for short operational lifespans. If you visited tfq06s.top, immediately cease interaction and disconnect from the site. Do not enter any credentials, payment details, or personal data. Assume your credentials may have been compromised. Change passwords on all accounts using the same or similar login details, enable two-factor authentication, and monitor accounts for unauthorized transactions or access. Report the domain to PhishDestroy for further analysis. If you entered sensitive data, consider revoking API keys, rotating wallet passwords, and checking for unauthorized transactions on connected blockchain accounts. Always verify URLs manually before clicking and use PhishDestroy to screen domains in real time. Stay vigilant—this campaign is likely ongoing and evolving. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-20 15:02:51 - Registrar: Gname.com Pte. Ltd. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/03714c08-b544-4c95-ac77-dae472561f02 - PhishDestroy: https://phishdestroy.io/domain/tfq06s.top/ - LLM endpoint: https://phishdestroy.io/domain/tfq06s.top/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/tfq06s.top/ Last updated: 2026-03-24