# frontdemo.wallexo.io — SUSPICIOUS

> frontdemo.wallexo.io linked to a crypto drainer phishing site with 0/95 VirusTotal detections. Immediate safety check advised.

## Summary
PhishDestroy identifies frontdemo.wallexo.io as an active crypto drainer phishing domain under investigation. The site mimics legitimate cryptocurrency services to trick users into connecting wallets and authorizing malicious transactions.  

This domain was flagged as a generic phishing page with a crypto drainer payload, exploiting trust in the Wallex brand. VirusTotal currently reports 0/95 detections, indicating no antivirus or security tool has flagged the domain yet. It was registered through Immaterialism Limited, resolved to IP 104.26.6.12, and operates with a Let's Encrypt SSL certificate. The domain was created on March 13, 2026, which is unusually recent for a cryptocurrency-related site, increasing the likelihood of malicious intent. No current blocklist entries were detected, and trust scores remain neutral due to its new registration.  

Crypto drainer domains like frontdemo.wallexo.io typically lure victims via social media, fake airdrop campaigns, or cloned DeFi platforms. Users who connect their wallets risk unauthorized token transfers, NFT theft, or seed phrase harvesting. To mitigate exposure, avoid interacting with unsolicited links, verify domains via official project websites, and revoke suspicious wallet approvals using tools like Revoke.cash. If exposed, immediately disconnect wallets, transfer assets to a new address, and scan for malware.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-13 16:37:25
- Registrar: Immaterialism Limited
- IP: 104.26.6.12

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/frontdemo.wallexo.io
- PhishDestroy: https://phishdestroy.io/domain/frontdemo.wallexo.io/
- LLM endpoint: https://phishdestroy.io/domain/frontdemo.wallexo.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/frontdemo.wallexo.io/
Last updated: 2026-04-04