# trxdrop.com — MALICIOUS

> PhishDestroy identifies trxdrop.com as an active cryptocurrency scam impersonating TRON (TRX) giveaways.

## Summary
PhishDestroy identifies a recently activated malicious domain, trxdrop.com, currently distributing cryptocurrency-themed fake giveaways. This domain specifically masquerades as a TRON (TRX) promotional campaign, luring victims with false claims of free cryptocurrency distributions. The threat is elevated due to the combination of active distribution, low detection coverage, and the use of a legitimate-looking SSL certificate to appear credible.  trxdrop.com was registered on September 7, 2025, through EmpireStateDomains Inc. only days before its observed malicious activity. Security vendor analysis shows a low detection rate, with only 5 out of 95 engines currently flagging this domain as malicious—indicating a significant window of opportunity for attackers. The domain resolves to IP address 103.224.182.217 and utilizes a Let’s Encrypt SSL certificate, which enhances its deceptive appearance and increases the likelihood of user trust. The low detection rate underscores the sophisticated nature of this campaign, which avoids triggering widespread alerts despite active abuse.  Users who have visited trxdrop.com or interacted with its content should immediately cease all communications with the site and avoid entering any cryptocurrency wallet addresses or private keys. If any TRX or other cryptocurrency was sent in response to the fake giveaway, report the transaction to the relevant blockchain explorer and consider transferring remaining funds to a new, secure wallet. Organizations should block the domain at the DNS and firewall levels using the domain and IP indicators. Users are advised to report this domain to their security teams and avoid similar cryptocurrency-themed promotions, especially those claiming to offer free tokens or rewards. Additionally, monitor wallet addresses used on this domain for any further suspicious transactions.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-07 18:20:39
- Registrar: EmpireStateDomains Inc.
- IP: 103.224.182.217

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/trxdrop.com
- PhishDestroy: https://phishdestroy.io/domain/trxdrop.com/
- LLM endpoint: https://phishdestroy.io/domain/trxdrop.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trxdrop.com/
Last updated: 2026-04-10