# v2.trendy47.com — MALICIOUS > v2.trendy47.com is a crypto drainer stealing funds via fake login pages. Flagged by ScamSniffer, 7/95 engines detect it. ## Summary v2.trendy47.com operates as a crypto drainer, a specialized form of phishing designed to illicitly transfer cryptocurrency from victims' wallets without consent. This domain lures users with deceptive interfaces that mimic legitimate services, prompting them to connect their wallets under the guise of authentication or transactions. Once connected, the drainer executes unauthorized transfers to external addresses controlled by the attackers. The active nature of this threat, combined with its technical sophistication, classifies it as an elevated risk requiring immediate user caution. PhishDestroy identifies this domain as a confirmed crypto drainer with multiple red flags corroborating its malicious intent. It resolves to IP 104.21.20.169 and was registered on February 22, 2026, through TUCOWS.COM, CO., a registrar with no notable trust or oversight mechanisms against fraudulent registrations. The domain holds a valid SSL certificate issued by Let's Encrypt, which is commonly exploited to lend false legitimacy to phishing pages. VirusTotal analysis reveals 7 out of 95 security vendors flagged this domain as malicious, while it appears on one active blocklist and is explicitly blocked by ScamSniffer, a leading anti-scam tool focused on blockchain threats. These indicators collectively demonstrate a high level of risk and operational maturity in the threat actor's infrastructure. This threat requires targeted mitigation due to its wallet-draining capabilities. Users must avoid interacting with v2.trendy47.com entirely, including refraining from clicking links or engaging with any content hosted on the domain. If a connection to the domain or its associated services has already occurred, users should immediately disconnect their wallets and revoke any unauthorized permissions granted to connected applications. It is critical to monitor wallet activity for suspicious transactions and report any unauthorized transfers to the relevant blockchain explorer or platform support. For comprehensive verification, users should cross-reference the domain against real-time blocklists and threat intelligence feeds like PhishDestroy, which aggregates data from multiple security vendors and scam-tracking services. Proactive measures such as using hardware wallets and enabling transaction approval notifications can further mitigate the risk of falling victim to crypto drainers. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-02-22 03:54:01 - Registrar: TUCOWS.COM, CO. - IP: 104.21.20.169 ## Detection Status - VirusTotal: 7 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["ScamSniffer"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/4c34f14b-54d6-483d-9fbc-300fce918343 - PhishDestroy: https://phishdestroy.io/domain/v2.trendy47.com/ - LLM endpoint: https://phishdestroy.io/domain/v2.trendy47.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/v2.trendy47.com/ Last updated: 2026-03-29