# tronscan.my.canva.site — SUSPICIOUS

> tronscan.my.canva.site impersonates the legitimate Tronscan site to steal crypto wallet credentials. Resolved to 103.169.142.

## Summary
PhishDestroy identifies tronscan.my.canva.site as an active typosquatting domain designed to impersonate the legitimate Tronscan blockchain explorer, targeting cryptocurrency users. This domain was flagged as a generic phishing site with an under-investigation risk level, indicating ongoing analysis to confirm its malicious intent. The site leverages the trusted Canva subdomain infrastructure to appear legitimate, deceiving users into entering sensitive wallet information under the guise of authentic blockchain scanning services.

This domain was registered through Gandi SAS on April 3, 2018, and resolves to IP address 103.169.142.250. It utilizes a Google Trust Services SSL certificate, which may further mislead users into believing the site is secure. Despite passing 0/95 detections on VirusTotal at the time of analysis, the domain remains untrusted due to its impersonation tactics. The combination of a long-standing but misused subdomain, a reputable SSL issuer, and zero detections highlights a sophisticated phishing strategy aimed at bypassing automated security measures.

Users should immediately avoid interacting with tronscan.my.canva.site, as it poses a direct threat of credential theft and cryptocurrency loss. To mitigate risk, verify the correct domain (tronscan.io) before entering any private keys or seed phrases, and use hardware wallets or secure password managers to reduce exposure. Report any suspicious activity to relevant authorities and block this IP (103.169.142.250) at the network level. Always cross-check URLs for subtle misspellings or unusual subdomains like 'my' or 'canva' in crypto-related contexts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2018-04-03 02:06:47
- Registrar: Gandi SAS
- IP: 103.169.142.250

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/tronscan.my.canva.site
- PhishDestroy: https://phishdestroy.io/domain/tronscan.my.canva.site/
- LLM endpoint: https://phishdestroy.io/domain/tronscan.my.canva.site/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tronscan.my.canva.site/
Last updated: 2026-04-07