# trezosuite-trezo.wixstudio.com — SUSPICIOUS > trezosuite-trezo.wixstudio.com hosts a malicious payroll portal impersonating Trez社 Suite; resolves to 34.144.206.118. ## Summary PhishDestroy identifies trezosuite-trezo.wixstudio.com as an active domain engaged in generic phishing that impersonates the Trez社 Suite payroll web portal. The campaign’s objective is credential theft via a spoofed login interface presented on the Wix Studio platform. Users who submit credentials risk direct compromise of corporate payroll systems, enabling follow-on fraud, direct deposit diversion, and sensitive PII exfiltration. This domain was flagged on seed 92b56b and exhibits multiple low-signal indicators at present. VirusTotal records 0 detections out of 95 engines (0/95) and it is not listed on any public blocklists as of the latest scan window. The domain resolves to IPv4 address 34.144.206.118, which is assigned to Google Cloud (ASN 15169). The SSL certificate is issued by Let’s Encrypt and shows a valid-not-before date aligning with the domain’s likely recent creation, though creation date itself is not disclosed in the current dataset. Domain registration details remain private, preventing registrar attribution and further WHOIS-based risk scoring. Trust scores across major engines sit at or near zero, reflecting the as-yet unmitigated nature of this campaign. Given the absence of network-level blocks and the campaign’s active status, immediate mitigation is required. Users should block the domain trezosuite-trezo.wixstudio.com at DNS and proxy layers and add 34.144.206.118 to firewall deny lists. Security teams should alert employees to the spoofed portal, emphasize multi-factor authentication for payroll systems, and instruct users never to enter corporate credentials outside of officially documented URLs. Security operations should also inspect proxy logs for outbound connections to this IP and hunt for signs of credential reuse across other internal portals. Continuous monitoring of VirusTotal and internal telemetry is advised until the domain is widely sinkholed or remediated by the hosting provider. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 34.144.206.118 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e9b4b56c-445f-49a4-9797-850fafaab649 - PhishDestroy: https://phishdestroy.io/domain/trezosuite-trezo.wixstudio.com/ - LLM endpoint: https://phishdestroy.io/domain/trezosuite-trezo.wixstudio.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/trezosuite-trezo.wixstudio.com/ Last updated: 2026-03-26