# trosncan.lat — SUSPICIOUS

> trosncan.lat is a live phishing domain (1/95 VirusTotal detections) distributing a generic credential stealer. Check the full report.

## Summary
PhishDestroy identifies trosncan.lat as an active phishing domain designed for credential harvesting. The domain does not impersonate a specific brand but presents a generic login interface to deceive victims into surrendering credentials. Security telemetry confirms active distribution of a form-grabbing JavaScript drainer kit embedded on the landing page.


This domain was flagged at a 1/95 detection ratio on VirusTotal, indicating minimal broad-spectrum coverage. It was registered through Dynadot LLC on March 22, 2026, and resolves to the IP address 172.67.146.100. The domain secures a valid SSL certificate issued by Let's Encrypt, increasing its deceptive authenticity. It is not currently blocked by Google Safe Browsing and has not yet been comprehensively block-listed across threat intelligence platforms.


The campaign remains active with elevated risk due to low detection and new domain age. Immediate mitigation includes domain takedown requests to the hosting provider, DNS blackholing, and browser/mail client blocklisting. While the registrant and hosting infrastructure appear disposable, the drainer kit’s reuse potential across similar domains suggests persistent targeting of unsuspecting users. Users are advised to verify URLs before inputting credentials and avoid clicking unsolicited links.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-22 19:55:09
- Registrar: Dynadot LLC
- IP: 172.67.146.100

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a6fa9181-da57-42d2-9cdd-9fb536bdce91
- PhishDestroy: https://phishdestroy.io/domain/trosncan.lat/
- LLM endpoint: https://phishdestroy.io/domain/trosncan.lat/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trosncan.lat/
Last updated: 2026-03-23