# trcscan.website — SUSPICIOUS > trcscan.website operates a fraudulent cryptocurrency transaction scanner claiming to verify transactions, but it's a drainer kit designed to steal crypto assets. ## Summary PhishDestroy identifies trcscan.website as an active cryptocurrency drainer kit disguised as a legitimate transaction scanner, flagged under generic_phishing with an under_investigation risk status. This domain mimics the functionality of a real-time transaction verification tool, luring users with the false promise of transparency while covertly harvesting sensitive wallet credentials and private keys. The threat operates under the guise of legitimacy, exploiting trust in blockchain transparency tools to facilitate asset theft. While no specific drainer kit signature has been publicly documented for this domain, the operational behavior aligns with established cryptocurrency phishing campaigns that redirect victims to malicious payloads or prompt fraudulent authentication requests. This domain was registered through Dynadot Inc on March 22, 2026, and resolves to IP 188.114.97.3. According to VirusTotal analysis as of the seed timestamp b996b5, it maintains a clean detection score of 0/95, indicating no antivirus or security vendor has yet flagged its malicious infrastructure. It utilizes a Let's Encrypt SSL certificate to enhance perceived legitimacy and avoid browser security warnings. Notably, public blocklist checks show this domain remains unlisted across all major threat intelligence platforms, enabling it to evade early detection mechanisms. The combination of a recently created domain, low detection coverage, and active hosting infrastructure suggests this is a newly deployed or rebranded threat actor toolset in the crypto-draining landscape. As of current analysis, trcscan.website remains active and is actively promoting its fraudulent service through social engineering tactics, including impersonation of legitimate blockchain explorers. No takedown or remediation action has been observed, and the domain continues to operate without restriction. Users are strongly advised to avoid interacting with this domain or any associated links. Security teams should monitor for connections to 188.114.97.3 and consider preemptive domain blocking. While the immediate risk is classified as under investigation, the lack of detection and active status pose a growing threat to cryptocurrency users seeking transaction verification tools. Proactive user education on verifying transaction scanners via official blockchain explorer URLs and wallet address validation remains the most effective defense against this type of fraud. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-22 20:05:18 - Registrar: Dynadot Inc - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/64155887-d25b-4832-b2ec-792adbc92016 - PhishDestroy: https://phishdestroy.io/domain/trcscan.website/ - LLM endpoint: https://phishdestroy.io/domain/trcscan.website/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/trcscan.website/ Last updated: 2026-03-29