# trx16.com — SUSPICIOUS

> trx16.com is actively pushing a crypto drainer phishing scam with 0/95 VirusTotal detection rates. Avoid entering wallet credentials or connecting crypto.

## Summary
PhishDestroy identifies trx16.com as an active crypto drainer phishing domain under investigation, posing a moderate but evolving threat to cryptocurrency users. The site mimics legitimate platforms to deceive victims into connecting crypto wallets and approving malicious token approvals, enabling fund theft. This domain was registered through Gname.com Pte. Ltd. on February 01, 2026, and is hosted on IP address 104.21.1.38, which is associated with malicious traffic patterns. Despite having a Google Trust Services SSL certificate, its detection rate on VirusTotal remains critically low at 0/95 engines as of the latest scan, indicating a fresh and undetected threat vector.  This domain has not yet been flagged by major threat intelligence platforms or blocklists such as Google Safe Browsing or PhishTank. The low detection rate, coupled with the recent creation date and anonymous registration, suggests an opportunistic campaign likely targeting early adopters of decentralized applications or users seeking low-cost crypto services. The use of a reputable SSL issuer adds to its deceptive appearance, further lowering user suspicion.  To mitigate risk, avoid interacting with trx16.com entirely. Do not connect crypto wallets, enter private keys, or sign transactions on this site. Use browser extensions like MetaMask’s phishing detection or Etherscan’s token approval alerts to monitor suspicious activities. Report any interactions to your wallet provider and share IoCs with threat intelligence communities to expedite takedowns. Always verify URLs via official project channels before engagement.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-01 12:19:08
- Registrar: Gname.com Pte. Ltd.
- IP: 104.21.1.38

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3886ea2c-3a53-4b93-96c5-9926bf86db29
- PhishDestroy: https://phishdestroy.io/domain/trx16.com/
- LLM endpoint: https://phishdestroy.io/domain/trx16.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trx16.com/
Last updated: 2026-04-01