# advancecompfile.live — SUSPICIOUS

> advancecompfile.live is distributing a fake document downloader phishing scam. VirusTotal shows 0/95 detections. Check the full report.

## Summary

PhishDestroy identifies advancecompfile.live as an active phishing domain hosting a fake document downloader lure, currently under investigation for credential harvesting and file-based malware distribution.

advancecompfile.live was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 19, 2026. The domain resolves to IP 188.114.97.3 and utilizes a Let's Encrypt SSL certificate to appear legitimate. VirusTotal currently flags the domain with 0/95 detections and no blocklist presence according to Google Safe Browsing (GSB). The domain's recent creation date and low detection rate suggest it is actively evading early-stage security layers. Threat intelligence indicates use of a generic downloader kit designed to trick users into executing malicious payloads under the guise of a legitimate document download.

Technical analysis reveals a high-risk threat profile despite low initial detection scores. The domain's infrastructure points to a potential campaign targeting enterprise users expecting file-sharing services. Lack of GSB flagging combined with fresh registration creates an elevated risk for unprotected endpoints. The IP address (188.114.97.3) has been associated with low-prevalence phishing domains in the recent past, indicating possible reuse of bulletproof hosting infrastructure. Current data suggests a staged deployment: initial lures likely via email or compromised websites, followed by executable delivery once user engagement is achieved.

PhishDestroy confirms this domain remains active as of this report. Organizations are advised to block advancecompfile.live at DNS and network levels. Users should avoid downloading files from this domain and report any suspicious file activity. Due to the domain’s low detection profile, signature-based defenses may fail—consider behavioral monitoring and file reputation analysis. Risk remains under investigation but is classified as active pending deeper payload analysis and sinkhole correlation.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-19 02:21:54
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/f65b0ea5-f607-4cfe-8d18-3a388db15e3c
- PhishDestroy: https://phishdestroy.io/domain/advancecompfile.live/
- LLM endpoint: https://phishdestroy.io/domain/advancecompfile.live/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/advancecompfile.live/

Last updated: 2026-03-23