# tscardprogram.xyz — SUSPICIOUS

> Check whether tscardprogram.xyz is a crypto drainer scam or credential theft site with 0/95 VirusTotal detections targeting unsuspecting users today.

## Summary

PhishDestroy identifies tscardprogram.xyz as an active generic phishing domain currently under investigation for potential crypto drainer abuse. The domain masquerades as a legitimate Tron (TRC-20) card program portal, aiming to deceive visitors into connecting crypto wallets or submitting credentials under false pretenses. While no specific drainer kit fingerprint has been extracted yet, the rapid setup and SSL issuance suggest deployment of off-the-shelf phishing toolkits common in crypto credential theft campaigns. The site’s narrow operational window—launched March 27, 2026—exhibits all hallmarks of opportunistic scamming targeting early adopters of emerging blockchain programs.

Technical indicators for tscardprogram.xyz (d5fe65) are as follows: the VirusTotal detection score is 0/95 engines, indicating zero current blocklist or AV coverage. The domain is registered via NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP 104.21.49.103, with a Let’s Encrypt SSL certificate. The domain creation date is March 27, 2026, with no presence yet in Google Safe Browsing (GSB) or major threat intelligence feeds. These metrics reflect a newly minted, lightly used infrastructure typical of short-lived credential theft landing pages.

PhishDestroy assesses the current threat level as ACTIVE but under investigation, pending sandbox detonation and heuristic correlation with known drainer families. The registrar’s permissive registration policy and zero detections allow the domain to propagate freely across social media and messaging platforms as of now. Immediate defensive actions include blacklisting 104.21.49.103 and tscardprogram.xyz at network and endpoint levels, flagging for DNS sinkholing, and sharing IOCs via threat intelligence platforms.

Remaining risk stems from its unlisted status; proactive hunting for similar domains and wallet connection prompts is strongly advised to prevent asset loss. Users should avoid visiting or interacting with this domain until further forensic validation is complete.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-27 14:00:59
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.49.103

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/205b47f4-e28b-45b2-bebe-2de9dd54debf
- PhishDestroy: https://phishdestroy.io/domain/tscardprogram.xyz/
- LLM endpoint: https://phishdestroy.io/domain/tscardprogram.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/tscardprogram.xyz/
Last updated: 2026-03-31