# buytrx.ch — SUSPICIOUS

> Investigating buytrx.ch, a generic phishing domain distributing a crypto drainer. Flagged by 0 of 95 VirusTotal vendors. Report and block immediately.

## Summary
buytrx.ch is an active crypto drainer phishing domain impersonating cryptocurrency services as of current intelligence. The domain is currently unresolved by automated detection systems and remains unflagged across VirusTotal's vendor grid. Users should treat this domain as high-risk pending further analysis.


PhishDestroy identifies the domain buytrx.ch as a generic phishing threat classified specifically as a crypto drainer campaign. The infrastructure is hosted on IP 104.21.41.130 and secured with a Let's Encrypt SSL certificate, likely to appear legitimate. At present, this domain has not been flagged by any of 95 VirusTotal vendors, indicating evasive behavior and low detection coverage. The domain's creation date, registrar, and trust scores remain unverified in public records, increasing the risk of malicious deployment.


The current operational status of the domain is active with no active blocklist entries recorded. Recommendations include immediate network-level blocking of the domain and its associated IP (104.21.41.130). Users should avoid visiting or interacting with the domain and ensure endpoint monitoring for crypto drainer signatures. Security teams are advised to flag this domain at the gateway and DNS layers and share indicators with threat intelligence platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.21.41.130

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/buytrx.ch
- PhishDestroy: https://phishdestroy.io/domain/buytrx.ch/
- LLM endpoint: https://phishdestroy.io/domain/buytrx.ch/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/buytrx.ch/
Last updated: 2026-04-03