# dexmox.com — MALICIOUS

> dexmox.com impersonates Ethereum in a high-risk crypto scam. Act now to avoid fraud. Verify before trading on dexmox.com.

## Summary
PhishDestroy identifies dexmox.com as a high-risk domain engaging in brand impersonation targeting Ethereum. The site advertises cryptocurrency exchange services, specifically promoting Bitcoin and Ethereum trading, aiming to deceive users into trusting a fraudulent platform. This impersonation poses significant financial risks to unsuspecting victims.

Dexmox.com was registered recently on February 21, 2026, through MAT BAO CORPORATION and resolves to IP address 104.21.7.131. The domain is flagged by 13 out of 95 security vendors on VirusTotal and appears on three separate security blocklists. Additionally, it has been linked to threat intelligence activity via AlienVault OTX, further confirming its malicious intent. The combination of a recent registration date, associated threat intelligence, and multiple blocklist appearances strongly indicates a fraudulent infrastructure.

Currently, dexmox.com remains active and continues to pose a threat to users seeking legitimate Ethereum-related services. PhishDestroy strongly recommends avoiding any interaction with this domain and urges users to verify the authenticity of cryptocurrency platforms before engagement. Organizations should consider blocking dexmox.com to mitigate risk and protect users from potential financial loss.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Target brand: Ethereum
- Page title: Buy & Sell Bitcoin, Ethereum | Cryptocurrency Exchange | Dexmox

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: MAT BAO CORPORATION
- Country: VN
- IP: 104.21.7.131
- Nameservers: ["elisabeth.ns.cloudflare.com", "walt.ns.cloudflare.com"]
- SSL Issuer: WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/0199f73d-f83b-748f-ade5-3c14506bbe7c.png
- PhishDestroy: https://phishdestroy.io/domain/dexmox.com/
- LLM endpoint: https://phishdestroy.io/domain/dexmox.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/dexmox.com/
Last updated: 2026-03-19