# americanexpress-dez03.ink — MALICIOUS

> americanexpress-dez03.ink poses as American Express to steal login credentials. PhishDestroy confirms this active scam, flagged by 8/95 VirusTotal vendors.

## Summary
PhishDestroy identifies americanexpress-dez03.ink as a live American Express credential harvesting scam designed to deceive users into surrendering sensitive financial login details. This domain mimics the legitimate American Express website to exploit trust and harvest credentials for fraudulent transactions. The threat is elevated due to its active status and the use of a Let's Encrypt SSL certificate, which may lull victims into a false sense of security.  This domain was flagged by 8 out of 95 VirusTotal security vendors, indicating significant malicious activity. It was registered through Dominet (HK) Limited and created on March 30, 2026, a highly suspicious timeline suggesting opportunistic registration. The domain resolves to IP address 43.159.168.186, further corroborating its malicious intent as it hosts a convincing replica of the American Express login portal.  If you have visited americanexpress-dez03.ink, immediately change your American Express password and enable multi-factor authentication. Review your account for unauthorized transactions and report any suspicious activity to American Express customer support. Use a reputable antivirus tool to scan your device for potential malware introduced during the visit. Avoid interacting with this domain entirely and report it to PhishDestroy or your organization's security team for further analysis.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-30 09:20:55
- Registrar: Dominet (HK) Limited
- IP: 43.159.168.186

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c616d20c-2d05-4ae3-904a-6627a53af568
- PhishDestroy: https://phishdestroy.io/domain/americanexpress-dez03.ink/
- LLM endpoint: https://phishdestroy.io/domain/americanexpress-dez03.ink/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/americanexpress-dez03.ink/
Last updated: 2026-04-01