# trmlabscoin.eu.cc — SUSPICIOUS > trmlabscoin.eu.cc is a crypto-drainer phishing site with 0/95 VirusTotal detections. Full forensic report available. Check the full report. ## Summary PhishDestroy identifies trmlabscoin.eu.cc as an active crypto-drainer phishing domain designed to trick users into approving malicious token contracts that silently drain wallets of digital assets. The domain mimics legitimate crypto-brand terminology (trmlabscoin) to lend false credibility, leveraging a spoofed .cc ccTLD to appear as a community or project site. No known drainer kit fingerprint has been released yet, indicating either a custom or newly deployed kit intended to evade signature-based detection. This domain was flagged by PhishDestroy on October 13, 2024, with exact technical indicators including a VirusTotal score of 0/95 detections, registration through privacy-protecting Gname.com Pte. Ltd., resolution to IP 103.68.172.240, and a domain creation date of October 13, 1997 — an unusually old registration likely harvested for trust by threat actors. The site holds a valid Let’s Encrypt SSL certificate, increasing user trust while enabling encrypted exfiltration of wallet data and transaction approvals. As of today, the domain remains unlisted on Google Safe Browsing and has not been added to major threat intelligence blocklists, leaving end-users and organizations vulnerable to exposure. The current status of trmlabscoin.eu.cc is active and under active monitoring. Security teams are advised to block the domain at network and endpoint levels using the seed identifier 5536bc and IP 103.68.172.240. While the immediate risk is high due to the absence of AV coverage, the lack of mass exploitation suggests the campaign may still be in early deployment. Users are urged to avoid interacting with any site promoting 'trmlabscoin' or similar crypto projects without verifying authenticity through official channels. Proactive blocking and user awareness remain the most effective defenses against this emerging drainer threat. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 1997-10-13 04:00:00 - Registrar: Gname.com Pte. Ltd. - IP: 103.68.172.240 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/trmlabscoin.eu.cc - PhishDestroy: https://phishdestroy.io/domain/trmlabscoin.eu.cc/ - LLM endpoint: https://phishdestroy.io/domain/trmlabscoin.eu.cc/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/trmlabscoin.eu.cc/ Last updated: 2026-04-06