# trx-fee.com — SUSPICIOUS > PhishDestroy identifies trx-fee.com as a crypto drainer phishing site with 0/95 VirusTotal detections. Immediate block and user alert recommended. ## Summary PhishDestroy identifies trx-fee.com as a newly registered crypto drainer domain exhibiting active phishing behavior targeting cryptocurrency users. This domain mimics legitimate transaction fee services to deceive victims into connecting wallets and authorizing malicious transactions. The threat actor employs technical mechanisms typical of crypto drainer kits, including fraudulent fee calculation interfaces designed to trick users into signing malicious transactions that drain wallet funds through smart contract interactions. This domain resolves to IP address 188.114.96.3 and was registered through Global Domain Group LLC on March 29, 2026. VirusTotal currently shows 0/95 detections across security vendors, indicating low initial detection rates for this newly active threat. The domain utilizes a Let's Encrypt SSL certificate, providing a false sense of security to potential victims. Global Safe Browsing (GSB) has not yet flagged this domain, and no blocklist entries are currently recorded across major threat intelligence platforms. The registration date is highly suspicious given the domain's purpose, with creation occurring in the future relative to current time (indicating potential timestamp manipulation). PhishDestroy assesses this domain as ACTIVE with UNDER_INVESTIGATION status, representing a developing threat that requires immediate attention. Primary response actions include immediate domain blocking at network and endpoint levels, user notification through security awareness channels, and integration into threat intelligence feeds. While the immediate risk appears contained due to low detection rates, the sophisticated nature of crypto drainer operations and the domain's recent activation pose significant potential for rapid expansion. Organizations and individuals should treat this domain as HIGH PRIORITY for blocking and investigation, with particular attention to any network connections originating from cryptocurrency-related applications or wallet interfaces. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-29 12:58:05 - Registrar: Global Domain Group LLC - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/trx-fee.com - PhishDestroy: https://phishdestroy.io/domain/trx-fee.com/ - LLM endpoint: https://phishdestroy.io/domain/trx-fee.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/trx-fee.com/ Last updated: 2026-04-03