# deserialize.app — SUSPICIOUS

> PhishDestroy identifies deserialize.app as a live crypto drainer impersonating legitimate login portals.

## Summary

PhishDestroy identifies deserialize.app as a recently activated crypto drainer domain designed to mimic legitimate cryptocurrency exchange or wallet login interfaces. The domain employs a spoofed UI likely powered by a commodity drainer kit such as Angel Drainer or Inferno Drainer, which surreptitiously siphons digital assets from connected wallets upon user interaction. No specific brand impersonation is confirmed in public IOCs, but the drainer kit’s generic branding suggests opportunistic targeting across multiple platforms rather than a focused campaign against a single entity. The infrastructure is provisioned for immediate exploitation and shows signs of rapid deployment, consistent with modern crypto-phishing operations that prioritize speed over sophistication. This domain represents a clear and present danger to users who may unknowingly connect wallets or input credentials into its fraudulent forms.

Technical indicators confirm elevated risk. VirusTotal reports a detection ratio of 1 out of 95 security engines as of seed 1e2c4e, indicating limited but growing recognition within the security community. The domain was registered on March 21, 2026, via NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for accommodating high-volume, low-friction registrations commonly exploited in phishing campaigns. It resolves to IP address 172.67.146.143, hosted on Cloudflare, which is frequently used to obfuscate origin infrastructure. The domain holds a valid Let’s Encrypt SSL certificate, enhancing its credibility and reducing user suspicion. Google Safe Browsing (GSB) has not yet flagged this domain, and public blocklists such as PhishTank or OpenPhish do not currently list it, leaving end users and organizations with minimal automated protection. These factors collectively create a window of opportunity for threat actors to operate with reduced friction.

As of the latest assessment, deserialize.app remains active and unblocked across major threat intelligence platforms. PhishDestroy has flagged this domain as an elevated-risk crypto drainer and assigned it a status of active. No takedown or mitigation action has been publicly observed, and the domain’s recent creation date suggests it may still be in early operational phases. Users are strongly advised to avoid interacting with any links, forms, or wallet connection prompts associated with this domain. Organizations are recommended to implement DNS-level blocking via threat feeds that include this domain and to educate users on verifying all cryptocurrency-related links using PhishDestroy’s real-time verification tool. Despite its current low detection rate, the combination of fresh registration, Cloudflare hosting, and drainer kit deployment elevates the risk profile, warranting immediate action to prevent financial loss.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-21 22:52:04
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.146.143

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ab78ba56-7e9b-418a-8c79-5398562d2828
- PhishDestroy: https://phishdestroy.io/domain/deserialize.app/
- LLM endpoint: https://phishdestroy.io/domain/deserialize.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/deserialize.app/

Last updated: 2026-03-22