# trmlabscoin.sbs — SUSPICIOUS

> PhishDestroy flags trmlabscoin.sbs as an active crypto-drainer scam impersonating TRM Labs; domain resolves to 103.68.172.240 with 0/95 VirusTotal detections.

## Summary
PhishDestroy has flagged the domain trmlabscoin.sbs as an active crypto-drainer scam under investigation. This domain, created on March 24, 2026, impersonates TRM Labs, a legitimate blockchain analytics firm, and is designed to deceive users into connecting their wallets to a malicious drainer kit. The infrastructure behind this domain is hosted on IP address 103.68.172.240, which is associated with suspicious activity patterns observed in recent drainer campaigns. The domain leverages a Let's Encrypt SSL certificate to appear legitimate, but further analysis reveals its malicious intent.  This domain was registered through Gname.com Pte. Ltd., a registrar known for accommodating high-risk domains. As of the latest scan, VirusTotal shows 0 detections out of 95 engines, indicating that traditional security tools have not yet flagged this domain. The domain remains unlisted on Google Safe Browsing (GSB) and has not yet accumulated entries on major blocklists. These technical indicators suggest a newly deployed threat that has evaded immediate detection.  The current status of trmlabscoin.sbs is active, with no active takedowns or blocklist additions as of now. PhishDestroy recommends immediate verification through its platform to assess the risk posed by this domain. Users are advised to avoid interacting with this domain or any associated links until further investigation is completed. While the immediate risk is categorized as under investigation, the lack of detections and recent domain creation pose a significant potential threat to unsuspecting users.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-24 16:02:23
- Registrar: Gname.com Pte. Ltd.
- IP: 103.68.172.240

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f34387fe-3dcb-4401-8ecc-20c8309623f0
- PhishDestroy: https://phishdestroy.io/domain/trmlabscoin.sbs/
- LLM endpoint: https://phishdestroy.io/domain/trmlabscoin.sbs/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trmlabscoin.sbs/
Last updated: 2026-03-26