# homepage-trexo.wixstudio.com — SUSPICIOUS

> homepage-trexo.wixstudio.com linked to a crypto drainer phishing campaign bypassing detection with 0/95 VirusTotal scans. Investigate further.

## Summary

The domain homepage-trexo.wixstudio.com is currently under active investigation for its role in a cryptocurrency drainer phishing campaign. Initial analysis confirms this infrastructure is being leveraged to facilitate credential theft and unauthorized digital asset transfers, posing a significant risk to users engaging with the platform. The threat level is classified as under_investigation, pending deeper forensic analysis and correlation with known malicious campaigns. Organizations and individuals interacting with this domain should exercise extreme caution due to the potential for direct financial and data compromise.

Technical indicators and available intelligence highlight multiple red flags associated with this domain. VirusTotal currently reports zero detections (0/95) across antivirus engines, indicating a low profile among security vendors despite its malicious intent. The domain resolves to IP address 34.144.206.118, which is a Google Cloud Platform (GCP) endpoint, often exploited to host short-lived infrastructure for phishing and fraudulent campaigns. The SSL certificate, issued by Let's Encrypt, may be used to add a veneer of legitimacy to the site, tricking users into trusting the connection. The domain is hosted on wixstudio.com, a legitimate website builder, which raises concerns about subdomain abuse — a common tactic to rapidly deploy and rotate malicious pages. At present, there is no evidence of listing on major blocklists such as Google Safe Browsing, OpenPhish, or PhishTank, allowing the domain to fly under the radar in initial detection windows.

Mitigation for this crypto drainer threat requires immediate defensive action. Users should avoid accessing homepage-trexo.wixstudio.com and report any accidental interactions to their security teams. Organizations are advised to block the domain at the DNS and firewall levels, and inspect outbound traffic to IP 34.144.206.118. Implementing browser isolation or virtual browsing environments for users in finance or crypto-related roles can reduce exposure to credential harvesting and session hijacking. Additionally, monitoring for unusual cryptocurrency wallet transfers or login anomalies from corporate endpoints can help detect potential compromise early. Proactive threat hunting based on IoCs (domain, IP, and SSL cert hash) is recommended to identify related infrastructure. Finally, user awareness training emphasizing the risks of crypto drainers and redirection tactics is critical to prevent initial compromise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 34.144.206.118

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/homepage-trexo.wixstudio.com
- PhishDestroy: https://phishdestroy.io/domain/homepage-trexo.wixstudio.com/
- LLM endpoint: https://phishdestroy.io/domain/homepage-trexo.wixstudio.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/homepage-trexo.wixstudio.com/
Last updated: 2026-04-07