# tronlink.fun — SUSPICIOUS

> PhishDestroy identifies tronlink.fun as a malicious wallet drainer kit impersonating TronLink, resolving to 43.103.50.255. Check the full report.

## Summary
PhishDestroy identifies tronlink.fun as a malicious wallet drainer kit impersonating the legitimate TronLink wallet extension. This domain mimics the branding of the popular TronLink service to deceive users into connecting their wallets to drain cryptocurrency assets. Threat actors leverage phishing tactics such as domain spoofing and social engineering to trick victims into authorizing malicious transactions.  This domain was flagged as a generic phishing resource targeting TronLink users. It resolves to IP 43.103.50.255, was created on February 27, 2026, and is registered through GoDaddy.com, LLC. The threat exhibits a VirusTotal detection rate of 0/95, indicating it remains undetected by most antivirus engines. The domain utilizes a Let's Encrypt SSL certificate and currently shows no blocklist entries, making it a stealthy threat. Given its recent registration, the infrastructure remains under monitoring for further malicious activity.  The domain is currently active and under investigation by PhishDestroy. Users are advised to avoid interacting with tronlink.fun and verify the legitimacy of wallet extensions strictly through official channels. No known remediation has been applied yet, and the risk level remains under evaluation. Security teams should monitor for similar domains and consider blocking the associated IP and domain as preventive measures. Remaining risk is assessed as active but contained to targeted phishing attempts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-27 09:03:27
- Registrar: GoDaddy.com, LLC
- IP: 43.103.50.255

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c7f3140d-08af-4e27-9aa6-091371128960
- PhishDestroy: https://phishdestroy.io/domain/tronlink.fun/
- LLM endpoint: https://phishdestroy.io/domain/tronlink.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tronlink.fun/
Last updated: 2026-03-24