# 1trx.me — SUSPICIOUS

> PhishDestroy identifies 1trx.me as a crypto drainer phishing domain spotted on December 18. With only 1/95 VirusTotal detections, users should verify its.

## Summary

PhishDestroy flags 1trx.me as an active crypto drainer domain designed to steal cryptocurrency assets through deceptive transactions. The domain impersonates legitimate blockchain or wallet interfaces to trick users into approving malicious transactions. Security researchers note the use of obfuscated JavaScript to mask fund transfers and harvest private keys, a common tactic in modern drainer kits. The domain’s infrastructure closely mirrors known phishing campaigns targeting unsuspecting crypto investors, particularly those engaging with decentralized finance (DeFi) protocols.

This domain was registered on December 18, 2025, through GNAME.COM PTE. LTD., a registrar often exploited for bulletproof hosting. It resolves to the IP address 38.54.16.127 and employs a Let’s Encrypt SSL certificate to appear legitimate, despite its malicious purpose. VirusTotal scans reveal a low detection ratio of 1/95 security vendors, indicating its recent emergence and evasion of traditional detection methods.

While VirusTotal and other threat intelligence feeds have not widely blacklisted this domain, its recent creation and minimal footprint suggest it is actively evading oversight. The domain has not yet been flagged by Google Safe Browsing (GSB), further highlighting its stealthy nature.

Currently, 1trx.me remains active and poses an elevated risk to users engaging with cryptocurrency platforms. PhishDestroy recommends blocking the domain at the network level and flagging its associated IP (38.54.16.127) to prevent access. Organizations should update firewall rules and DNS sinkholes to intercept traffic to this domain.
End users are advised to verify URLs manually, avoid clicking unsolicited links, and use security tools like browser extensions or phishing detection services before interacting with crypto-related websites. While the domain’s low detection rate complicates immediate mitigation, proactive monitoring and threat intelligence sharing can reduce its impact. Remaining risk is moderate due to its active status and potential for rapid expansion across unsuspecting user bases.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-12-18 14:56:33
- Registrar: GNAME.COM PTE. LTD.
- IP: 38.54.16.127

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/1trx.me
- PhishDestroy: https://phishdestroy.io/domain/1trx.me/
- LLM endpoint: https://phishdestroy.io/domain/1trx.me/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/1trx.me/

Last updated: 2026-04-09