# buytrx.com.co — SUSPICIOUS

> PhishDestroy identifies buytrx.com.co as a fake 'BuyTRX' crypto exchange phishing site with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies buytrx.com.co as an active phishing domain posing as a cryptocurrency exchange under the 'BuyTRX' branding. This fraudulent site mimics legitimate trading platforms to deceive users into depositing funds or exposing wallet credentials. The domain specifically targets individuals seeking to purchase TRX tokens, redirecting victims to a spoofed interface that steals deposited funds or harvests private keys. Security teams should treat this as a high-risk credential theft and financial fraud campaign given its active status and lack of detection coverage.  This domain was flagged by PhishDestroy with zero detections out of 95 VirusTotal scans, indicating it has evaded current detection signatures. The infrastructure is hosted on IP 188.114.97.3 and secured with a Let's Encrypt SSL certificate to appear legitimate. The domain was registered through TLD Registrar Solutions Ltd. on March 21, 2026—extremely recently—suggesting a hastily deployed campaign. These attributes, combined with the absence of blocklist coverage, elevate the threat level and necessitate immediate preventative measures.  Users who visited buytrx.com.co should assume their credentials or cryptocurrency may have been compromised. Disconnect from the internet, revoke any exposed API keys or wallet approvals, and transfer remaining funds to a new wallet with updated security settings. Report the incident to your exchange and cryptocurrency platform support teams with the domain and timestamp. Consider running a full malware scan and rotating all related passwords and 2FA tokens across financial accounts. Monitor blockchain transactions for unauthorized transfers and report suspicious activity to local cybercrime units.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-21 07:46:26
- Registrar: TLD Registrar Solutions Ltd.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/153a2285-4148-4030-a7a0-8ed8152fb36a
- PhishDestroy: https://phishdestroy.io/domain/buytrx.com.co/
- LLM endpoint: https://phishdestroy.io/domain/buytrx.com.co/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/buytrx.com.co/
Last updated: 2026-03-26