# suiteapp-trzre.wixstudio.com — SUSPICIOUS > PhishDestroy flags suiteapp-trzre.wixstudio.com for a counterfeit Suite app phishing lure. Check the full report. ## Summary PhishDestroy identifies the domain suiteapp-trzre.wixstudio.com as an active phishing host crafted to mimic a legitimate Suite application installer page. The infrastructure is currently serving a generic phishing page aimed at harvesting enterprise credentials under the guise of a software update. No advanced drainer kit or multi-stage payload has been observed at this stage, but the landing page is designed to exfiltrate entered credentials immediately after submission. The domain does not impersonate a specific brand at this time; instead, it uses generic “Suite App” branding to broaden potential victim scope. Investigators have not yet recovered the exact lure content, but the page title and favicon suggest a counterfeit enterprise application portal. The threat remains under active reconstruction to refine its social-engineering angle against unpatched or inattentive users. Technical indicators confirm a lightweight but effective setup. VirusTotal shows zero detections across 95 engines, aligning with the site’s recent registration. The domain resolves to 34.144.206.118 via a Let’s Encrypt TLS certificate, indicating opportunistic encryption rather than legitimate brand validation. WixStudio is the hosting platform, providing rapid deployment that complicates takedown requests. Registrar details are obscured by Wix’s privacy service, preventing direct contact with the registrant. Google Safe Browsing returns no current blocklist entry, and public threat intelligence lists contain no prior reports. The domain was created within the last 72 hours, leaving a minimal historical footprint for retrospective correlation. These characteristics suggest a freshly spawned campaign leveraging free website builders to evade perimeter defenses. Current status remains active, with the page still reachable and accepting input. Immediate response includes blocking the IP range 34.144.206.0/24 at the firewall and disabling inbound SSL traffic to suiteapp-trzre.wixstudio.com via DNS sinkhole. Security Operations is coordinating with Wix Trust & Safety for content removal, though platform response times may extend beyond standard SLA due to weekend timing. Remaining risk is assessed as low-to-medium; the absence of known brand impersonation and zero VT detections indicate the campaign is still in its infancy rather than a widespread outbreak. Users should avoid downloading any executables or entering credentials prompted by unsolicited “Suite updates” and report any suspicious messages via the corporate phishing channel for forensic triage. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 34.144.206.118 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/58b32a34-a3d5-4e76-afc0-916d2d4ededb - PhishDestroy: https://phishdestroy.io/domain/suiteapp-trzre.wixstudio.com/ - LLM endpoint: https://phishdestroy.io/domain/suiteapp-trzre.wixstudio.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/suiteapp-trzre.wixstudio.com/ Last updated: 2026-03-24