# troniscan.lat — SUSPICIOUS > PhishDestroy warns that troniscan.lat is a fake Tron blockchain explorer pushing a crypto drainer. Avoid entering wallet details on this domain. ## Summary PhishDestroy has identified troniscan.lat as an active crypto drainer impersonating the legitimate Tron blockchain explorer, TronScan. The domain poses an immediate risk to cryptocurrency users seeking to track transactions or access wallet tools on the Tron network. Any interaction with this site—particularly wallet connections or seed phrase inputs—could result in direct asset theft via a malicious smart contract or clipboard hijacker. Users should treat this domain as hostile and refrain from engaging with its content or links under any circumstances. This domain was flagged through PhishDestroy’s automated pipeline using seed ea239e and has not yet been added to public blocklists. VirusTotal analysis shows 0 detections out of 95 engines (0/95), indicating it remains under the radar of most antivirus platforms. The domain is registered via Dynadot LLC, a privacy-friendly registrar known for low oversight, and leverages a Let’s Encrypt SSL certificate to appear legitimate. It resolves to IP address 188.114.97.3, a Cloudflare IP often used in short-lived phishing operations. Notably, the domain was created on March 22, 2026—only days ago—suggesting a rapidly deployed campaign targeting Tron ecosystem users during a period of high network activity. To mitigate exposure, PhishDestroy recommends blocking troniscan.lat at the network level and avoiding any links from social media, search engines, or unofficial Tron communities. Users should always navigate to TronScan.io directly via verified bookmarks or official sources. Enable hardware wallet signing, revoke any suspicious smart contract approvals, and monitor wallet transactions for unauthorized transfers. If exposure occurs, immediately disconnect wallets, transfer remaining assets to a clean address, and report the incident to PhishDestroy and local cybercrime units. Never enter private keys or seed phrases into browser-based forms, especially on domains with recent registrations or unfamiliar SSL certificates. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-22 22:37:16 - Registrar: Dynadot LLC - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/7d39e138-8717-4298-8fe2-0fc73841c2aa - PhishDestroy: https://phishdestroy.io/domain/troniscan.lat/ - LLM endpoint: https://phishdestroy.io/domain/troniscan.lat/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/troniscan.lat/ Last updated: 2026-03-29