# terawex.com — SUSPICIOUS

> terawex.com hosts a crypto drainer campaign. Generic threat type observed, with 0/95 VirusTotal detections. Avoid connections immediately.

## Summary
PhishDestroy identifies terawex.com as an active crypto drainer command-and-control server under the unique seed 08c67d. This domain operates as a generic phishing vector with a current risk level of "under_investigation" but shows clear indicators of malicious activity.  

This domain was flagged with a 0/95 detection rate on VirusTotal as of the investigation window, indicating it remains undetected by most antivirus engines. The domain resolves to IP address 188.114.96.3 and was registered through Hello Internet Corp on March 18, 2026. The presence of a Let's Encrypt SSL certificate suggests an attempt to establish legitimacy, while the lack of blocklist inclusion at this stage reflects its novelty or evasion techniques. The domain's recent creation and low detection profile emphasize the need for immediate scrutiny.  

Organizations and individuals should immediately block terawex.com at the network and DNS levels due to its association with crypto drainer infrastructure. Users interacting with this domain risk unauthorized cryptocurrency transfers via injected JavaScript or deceptive wallet connection prompts. If exposure is suspected, disconnect from untrusted networks, revoke any connected wallet permissions, and scan systems using updated endpoint protection. Report the domain to threat intelligence platforms and financial institutions to prevent further abuse.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-18 01:27:40
- Registrar: Hello Internet Corp
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/terawex.com
- PhishDestroy: https://phishdestroy.io/domain/terawex.com/
- LLM endpoint: https://phishdestroy.io/domain/terawex.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/terawex.com/
Last updated: 2026-04-07