# desovex.com — SUSPICIOUS

> desovex.com is a credential-theft phishing site with only 1/95 VirusTotal detections. Avoid entering any crypto wallet or login details. Block immediately.

## Summary
PhishDestroy identifies desovex.com as an active credential-theft phishing site designed to harvest cryptocurrency wallet credentials and authentication cookies from unsuspecting users. The domain impersonates legitimate services with a deceptive interface that logs entered seed phrases or private keys, redirecting stolen funds to attacker-controlled wallets within minutes. Security researchers have observed a surge in similar campaigns targeting DeFi users, where phishing pages mimic popular exchanges or wallet interfaces to trick victims into surrendering sensitive access keys. This particular domain leverages psychological pressure by claiming urgent account actions are required, a tactic commonly used to bypass users’ caution during high-stakes transactions.  This domain was flagged by only 1 out of 95 VirusTotal security vendors, indicating a low initial detection rate that could allow the threat to evade enterprise filters. VirusTotal’s assessment reveals minimal coverage from automated systems, increasing the risk of successful compromise for organizations without advanced threat intelligence. Additional technical indicators include registration through Fewmoretaps OU (operating as Trustname.com), a domain creation date of April 05, 2026, and resolution to IP 104.21.38.17. The domain uses a valid Let’s Encrypt SSL certificate, which may help it appear legitimate to users checking for HTTPS indicators. Despite its recent creation, the infrastructure shows signs of rapid deployment typical of opportunistic phishing campaigns, with no prior reputation in threat feeds.  Users who have visited desovex.com should immediately check browser extensions for unauthorized permissions, revoke any wallet connections made while on the site, and scan devices with updated endpoint protection. Change passwords for all crypto accounts using a different device, and review transaction histories for unauthorized transfers. Block the domain at the network level using DNS filtering or host file entries. Report the domain to your security team or abuse channels to help improve collective defenses. Monitor crypto wallet addresses involved in any unauthorized transfers, as stolen funds may still be recoverable through blockchain forensics if action is taken quickly.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-05 02:15:49
- Registrar: Fewmoretaps OU d/b/a Trustname.com
- IP: 104.21.38.17

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c6140ca7-3c11-4f20-9231-e5676891a50c
- PhishDestroy: https://phishdestroy.io/domain/desovex.com/
- LLM endpoint: https://phishdestroy.io/domain/desovex.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/desovex.com/
Last updated: 2026-04-13