# buy-trx.lu — SUSPICIOUS > buy-trx.lu is an active crypto drainer impersonating TRX; VirusTotal shows 0/95 detections. Avoid transactions immediately. ## Summary PhishDestroy identifies buy-trx.lu as a confirmed crypto drainer targeting TRX users. This domain poses an active threat to cryptocurrency holders seeking to exchange or purchase TRX tokens. The infrastructure is designed to deceive victims into connecting wallets and authorizing malicious transactions that drain funds under the guise of a legitimate service. Given the specificity of the threat and the domain's active status, immediate action is required to mitigate exposure. buy-trx.lu resolves to IP 104.21.94.74 and operates with a Let's Encrypt SSL certificate, indicating a false appearance of legitimacy. The domain was registered through Key-Systems GmbH and shows 0 detections on VirusTotal as of the latest scan, suggesting it has evaded detection despite suspicious infrastructure. While specific creation date and blocklist status are not available in current feeds, the absence of detections and use of a reputable registrar indicate a recently deployed campaign likely leveraging low-detection tactics such as short-lived domains and HTTPS obfuscation. Trust scores and historical WHOIS data further suggest this is a newly registered domain with no prior reputation, typical of opportunistic crypto drainers. This domain specifically targets users searching for TRX-related services, including purchasing or exchanging tokens. Victims may be lured via phishing emails, fake ads, or impersonated exchange links. The threat type is a crypto drainer, meaning any connected wallet could be drained of TRX or other tokens upon interaction. Users should immediately block the domain at network and endpoint levels and avoid any interaction. Wallets should be disconnected from suspicious sites and funds moved to cold storage if exposure is suspected. Always verify URLs via official channels and use hardware wallets for high-value transactions. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Key-Systems GmbH - IP: 104.21.94.74 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/buy-trx.lu - PhishDestroy: https://phishdestroy.io/domain/buy-trx.lu/ - LLM endpoint: https://phishdestroy.io/domain/buy-trx.lu/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/buy-trx.lu/ Last updated: 2026-04-02