# buytrx.lu — SUSPICIOUS

> buytrx.lu is a crypto drainer phishing site flagged by 2 of 95 VirusTotal vendors. Avoid connecting wallets or entering credentials. Check before you click.

## Summary

PhishDestroy identifies buytrx.lu as an active crypto drainer phishing domain designed to trick users into connecting cryptocurrency wallets and draining funds. The domain mimics legitimate trading platforms to deceive visitors into authorizing malicious transactions. Security researchers have confirmed ongoing malicious activity associated with this domain.

This domain was flagged by 2 of 95 VirusTotal vendors, indicating limited but confirmed malicious detection. It was registered through Key-Systems GmbH and resolves to IP address 172.67.154.153 using a Let's Encrypt SSL certificate. While the exact creation date is not publicly available, its current active status and low VirusTotal detection rate suggest recent deployment aimed at evading initial scrutiny.

Due to elevated risk, PhishDestroy recommends blocking buytrx.lu at the network level and avoiding any interaction with the site. Users should verify URLs carefully when engaging in cryptocurrency transactions and use hardware wallets or transaction simulation tools. Security teams are advised to monitor for connections to IP 172.67.154.153 and flag any wallet connection attempts to this domain in security logs.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Key-Systems GmbH
- IP: 172.67.154.153

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/84b67105-65c3-4f30-8c52-c47ce81fad84
- PhishDestroy: https://phishdestroy.io/domain/buytrx.lu/
- LLM endpoint: https://phishdestroy.io/domain/buytrx.lu/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/buytrx.lu/

Last updated: 2026-03-25