# en-trezsuites.wixstudio.com — SUSPICIOUS > PhishDestroy warns: en-trezsuites.wixstudio.com is a live crypto drainer impersonating Trezor Suite. Verify sites with PhishDestroy before clicking. ## Summary PhishDestroy identifies en-trezsuites.wixstudio.com as a newly activated generic phishing domain operating as a crypto drainer, designed to trick users into connecting compromised cryptocurrency wallets. The domain masquerades under the Wix Studio platform, leveraging its subdomain structure to appear legitimate at first glance. No specific brand impersonation has been confirmed yet, but the generic nature of the domain suggests opportunistic targeting of crypto users seeking wallet management or exchange services. The threat is classified as a high-risk crypto drainer due to its active infrastructure and lack of detection on major security platforms. This domain resolves to IP address 34.144.206.118 and is hosted on infrastructure associated with Google Cloud Platform (ASN 15169). The SSL certificate is issued by Let's Encrypt, providing a false sense of security with valid HTTPS encryption. VirusTotal currently shows 0 detections out of 95 engines, indicating that mainstream antivirus and security tools have not yet flagged this domain. The domain was registered recently, though the exact creation date is not publicly disclosed. Google Safe Browsing (GSB) has not yet classified this domain as malicious, and it remains absent from major blocklists such as PhishTank and OpenPhish. These characteristics suggest the threat actor is operating under the radar, likely in the early stages of a campaign. As of the latest analysis, the domain remains active and under investigation, with no definitive remediation actions taken by hosting providers or security vendors. The current risk level is assessed as 'under_investigation,' meaning the threat potential is not yet fully quantified. Users are strongly advised to avoid interacting with this domain and to verify any similar URLs using PhishDestroy’s real-time scanning tools. The absence of detections on VirusTotal and other platforms highlights the importance of proactive threat hunting, as traditional security measures may lag behind emerging phishing campaigns. Remaining risk includes potential expansion of the campaign to target more users or integration with additional malicious infrastructure. Immediate reporting and blocking of this domain are recommended to mitigate further exposure. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 34.144.206.118 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/dbee9eb7-0175-4d1f-b1d0-02e2713e5348 - PhishDestroy: https://phishdestroy.io/domain/en-trezsuites.wixstudio.com/ - LLM endpoint: https://phishdestroy.io/domain/en-trezsuites.wixstudio.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/en-trezsuites.wixstudio.com/ Last updated: 2026-04-12