# dep72t.com — SUSPICIOUS

> dep72t.com, a generic phishing domain registered April 1, 2026, hosts a credential-harvesting page masquerading as a login portal.

## Summary

PhishDestroy identifies dep72t.com as an active credential-harvesting domain currently under investigation for impersonating a legitimate login service. This domain was flagged for generic phishing activity and is designed to trick users into surrendering credentials under false pretenses. Threat actors are actively leveraging this domain to harvest credentials, likely for subsequent account takeovers or credential stuffing campaigns. The page presents a spoofed login interface, prompting victims to input their usernames and passwords, which are then exfiltrated to attacker-controlled infrastructure.

This domain was registered on April 1, 2026, through Internet Domain Service BS Corp., and resolves to 212.192.219.14. It utilizes a Let’s Encrypt SSL certificate to appear legitimate and currently shows zero detections on VirusTotal (0/95 engines). At the time of analysis, the domain remains unlisted on major blocklists such as Google Safe Browsing (GSB status: benign), and no public sandbox feeds have flagged its infrastructure yet. The low VT score and absence from blocklists suggest this domain is either very new or carefully engineered to evade early detection.

As of this advisory, dep72t.com remains active and poses a moderate but unconfirmed risk due to its recent registration and lack of broad visibility. Immediate response actions include blacklisting the domain at both DNS and network levels, alerting users to avoid interaction, and monitoring for outbound connections to 212.192.219.14. While current risk is classified as under_investigation, the potential for credential harvesting remains high until takedown or remediation occurs. SOC teams are advised to check logs for internal resolutions to this IP and correlate with authentication events to identify possible compromise. The seed identifier ae4238 confirms alignment with ongoing tracking efforts.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-01 05:57:41
- Registrar: Internet Domain Service BS Corp.
- IP: 212.192.219.14

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/dep72t.com
- PhishDestroy: https://phishdestroy.io/domain/dep72t.com/
- LLM endpoint: https://phishdestroy.io/domain/dep72t.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/dep72t.com/
Last updated: 2026-04-06