# tronlink.jp — SUSPICIOUS

> PhishDestroy identifies tronlink.jp as a TronLink wallet drainer site. VirusTotal score 0/95, full forensic report available. Check the full report.

## Summary
PhishDestroy identifies the domain tronlink.jp as a live phishing resource impersonating the legitimate TronLink wallet service. The infrastructure is configured to harvest private keys and drain cryptocurrency balances from unwitting users who land on the counterfeit wallet interface. Operators behind the campaign registered the domain on July 15, 2025, leveraging a look-alike spelling to bypass visual scrutiny and exploit trust in the legitimate brand.  This domain was flagged by PhishDestroy with a threat type of generic_phishing. VirusTotal currently returns a detection score of 0/95 engines, indicating the site remains unblocked by most antivirus platforms. The site resolves to IP address 188.114.97.3, currently hosted on infrastructure associated with previous malicious campaigns. The SSL certificate issued by Google Trust Services adds a veneer of legitimacy, while the domain remains absent from Google Safe Browsing and public DNS blocklists, enabling continued propagation.  The domain is active and under active investigation by PhishDestroy’s anti-phishing unit with unique seed identifier 78266b. Immediate response actions include submission to VirusTotal’s community feed, domain takedown requests to the registrar, and real-time DNS sinkholing. However, the ongoing risk remains high given zero detections and absence from major blocklists; users are advised to avoid this domain entirely and verify wallet URLs through official channels only.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-07-15 00:00:00
- Registrar: REGISTRAR_NOT_FOUND
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/df303919-adbf-418c-8a5a-9c8f1ab7d136
- PhishDestroy: https://phishdestroy.io/domain/tronlink.jp/
- LLM endpoint: https://phishdestroy.io/domain/tronlink.jp/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tronlink.jp/
Last updated: 2026-03-29