# buxfunds.com — SUSPICIOUS > Buxfunds.com is a crypto drainer site impersonating investment platforms. Flagged by 0 of 95 VirusTotal vendors, avoid transactions and verify on PhishDestroy. ## Summary PhishDestroy identifies buxfunds.com as an active crypto drainer domain engaged in fraudulent investment scams. The domain is currently under investigation for posing as a legitimate financial platform to deceive users into transferring cryptocurrency assets. As of now, this threat remains unaddressed by most security vendors, increasing the risk of financial loss for unsuspecting visitors. This domain was flagged by 0 of 95 VirusTotal vendors, indicating a low initial detection rate despite its malicious intent. Registered through Sav.com, LLC, buxfunds.com resolves to IP address 91.218.49.176 and was created on April 04, 2026. The domain utilizes a Let’s Encrypt SSL certificate, which may lend it a false appearance of legitimacy. As of the latest data, it remains unlisted on major blocklists, suggesting it is a recently deployed threat with limited exposure to automated defenses. Trust scores for this domain are currently unreliable due to its recent registration and minimal detection history. Given the active status of this crypto drainer and its low detection rate, users are strongly advised to avoid interacting with buxfunds.com or any associated links. Immediate steps include verifying the domain’s legitimacy through PhishDestroy and reporting suspicious activity to relevant cybersecurity authorities. Organizations should update firewall rules to block traffic to 91.218.49.176 and monitor for any signs of compromise within their networks. Proactive measures, such as user awareness training, are critical to mitigating potential financial losses from this evolving threat. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-04 22:28:55 - Registrar: Sav.com, LLC - IP: 91.218.49.176 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/buxfunds.com - PhishDestroy: https://phishdestroy.io/domain/buxfunds.com/ - LLM endpoint: https://phishdestroy.io/domain/buxfunds.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/buxfunds.com/ Last updated: 2026-04-06