# trxlg.org — SUSPICIOUS

> trxlg.org is a crypto drainer phishing site flagged by 3/95 VirusTotal vendors. Avoid this domain to prevent cryptocurrency theft.

## Summary
trxlg.org is a recently activated crypto drainer phishing domain designed to deceive users into connecting their cryptocurrency wallets and approving fraudulent transactions. This site mimics legitimate crypto platforms to trick victims into transferring funds or signing malicious wallet approvals, which can drain entire balances without warning. Security researchers have identified this domain as part of an active campaign targeting crypto investors, and it should be avoided entirely to prevent financial loss.  PhishDestroy identifies this threat through multiple data points confirming its malicious intent. The domain trxlg.org was registered on February 13, 2026, through Internet Domain Service BS Corp, a registrar often associated with disposable or malicious domains. VirusTotal analysis reveals that 3 out of 95 security vendors have flagged this domain as malicious, indicating a low but concerning detection rate. Additionally, this domain resolves to IP address 104.21.18.227 and holds an SSL certificate issued by Google Trust Services, which attackers often exploit to appear legitimate. The combination of a recent creation date, low VT detection rate, and suspicious infrastructure suggests this is an emerging threat that may evade some security tools.  If you visited trxlg.org, take immediate action to secure your cryptocurrency assets. Disconnect your wallet from any dApps or websites and revoke any suspicious approvals through your wallet’s interface (e.g., Revoke.cash for Ethereum or similar tools for other chains). Monitor your wallet transactions closely for unauthorized activity, and consider transferring remaining funds to a new wallet with a different address. Report this domain to your antivirus provider or threat intelligence platforms like VirusTotal, and warn others in crypto communities to avoid this site. Always verify URLs manually and use hardware wallets for sensitive transactions to minimize risk.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-13 01:45:29
- Registrar: Internet Domain Service BS Corp
- IP: 104.21.18.227

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/87146dc8-8b38-4f41-bac9-213acb560149
- PhishDestroy: https://phishdestroy.io/domain/trxlg.org/
- LLM endpoint: https://phishdestroy.io/domain/trxlg.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/trxlg.org/
Last updated: 2026-03-25