# derovex.com — SUSPICIOUS

> derovex.com exposed as a fake investment portal phishing site. VirusTotal 0/95 detections. Check the full report.

## Summary
PhishDestroy identifies derovex.com as an active fake investment portal phishing site currently under investigation by threat intelligence teams.

This domain poses a high risk due to its recent creation date of April 02, 2026, combined with zero detections on VirusTotal (0/95 engines), suggesting it has evaded initial detection mechanisms. The domain resolves to IP 188.114.97.3 and operates with a Let's Encrypt SSL certificate for perceived legitimacy. Registration through Fewmoretaps OU (d/b/a Trustname.com) adds another layer of obfuscation, as this registrar has been associated with domains linked to deceptive practices. The absence of the domain on public blocklists at this time further indicates its recent emergence and the need for proactive monitoring.

Technical indicators reveal a domain designed to mimic legitimate financial services, likely targeting users seeking investment opportunities. The use of a recently issued SSL certificate suggests an attempt to establish trustworthiness, while the low detection rate on VirusTotal highlights the challenge of early-stage phishing detection. The registration through a less transparent registrar (Fewmoretaps OU) raises additional red flags, as such registrars are often exploited to conceal the true ownership of fraudulent domains.

To mitigate risks, users should avoid interacting with derovex.com or any domains registered through Fewmoretaps OU until further investigations confirm its status. Organizations should update firewall rules to block traffic to 188.114.97.3 and monitor outbound connections to this IP. Additionally, security teams should conduct threat hunting for similar recently registered domains mimicking financial services, as this campaign may expand. Always verify investment portals through official channels and cross-check SSL certificates against known legitimate issuers.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-02 18:35:14
- Registrar: Fewmoretaps OU d/b/a Trustname.com
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/derovex.com
- PhishDestroy: https://phishdestroy.io/domain/derovex.com/
- LLM endpoint: https://phishdestroy.io/domain/derovex.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/derovex.com/
Last updated: 2026-04-07