# tronguia.lat — SUSPICIOUS

> tronguia.lat is under investigation for credential harvesting phishing (0/95 VirusTotal detections). Check the full report.

## Summary
PhishDestroy identifies tronguia.lat as a credential harvesting phishing domain designed to trick users into submitting sensitive login information. The domain mimics legitimate services, likely targeting unsuspecting victims with deceptive login prompts. Its recent registration and clean VirusTotal score (0/95 detections) make it a stealthy threat, evading immediate detection by traditional antivirus tools. The domain resolves to IP 104.21.21.228 and operates under a Let's Encrypt SSL certificate, lending it a false air of legitimacy.  This domain was flagged for credential harvesting tactics, with key indicators including its registration through Dynadot LLC on March 23, 2026, and deployment on IP 104.21.21.228. VirusTotal currently shows 0/95 detections, meaning no antivirus engines have flagged it as malicious—yet. The domain’s recent creation and lack of prior reputation make it a high-risk candidate for future attacks. Users should remain cautious, as such domains often appear in phishing emails or spoofed websites designed to steal credentials.  If you visited tronguia.lat, avoid entering any personal or login details. Clear your browser cache and cookies associated with the site, and scan your device for malware. Report the domain to your antivirus provider and avoid interacting with similar links in the future. Stay vigilant for unsolicited communications claiming to be from this domain, as they may be part of a broader phishing campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-23 01:01:26
- Registrar: Dynadot LLC
- IP: 104.21.21.228

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/53034b9e-3d77-4073-8fc0-f26b50283e64
- PhishDestroy: https://phishdestroy.io/domain/tronguia.lat/
- LLM endpoint: https://phishdestroy.io/domain/tronguia.lat/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tronguia.lat/
Last updated: 2026-03-29