# docusignexpressfreightfinance.com — MALICIOUS > docusignexpressfreightfinance.com is a crypto drainer impersonating DocuSign Express Freight Finance, flagged by 13 of 95 VirusTotal vendors. ## Summary PhishDestroy identifies docusignexpressfreightfinance.com as an active crypto drainer impersonating the DocuSign Express Freight Finance brand. The domain is currently operational and poses an elevated risk to unwary users seeking financial or document verification services. Threat actors leverage deceptive branding to trick victims into connecting crypto wallets or entering sensitive credentials, resulting in fund theft. This domain was flagged by 13 of 95 VirusTotal security vendors, indicating significant malicious activity. It was registered through Wild West Domains, LLC, and resolves to the IP address 172.86.117.48. The domain was created on March 17, 2026, a recent date suggesting opportunistic exploitation of brand trust. The presence of a Let's Encrypt SSL certificate does not validate legitimacy, as threat actors frequently abuse free certificates for phishing operations. PhishDestroy’s analysis confirms this domain is untrusted, with no verifiable affiliation to legitimate financial or document services. Given the elevated risk and active status of docusignexpressfreightfinance.com, users are strongly advised to avoid interaction with this domain entirely. Never enter personal, financial, or wallet-related information on this site. If you have already engaged with this domain, disconnect any connected crypto wallets immediately and revoke permissions through your wallet provider’s security settings. Report the domain to PhishDestroy for further analysis and inclusion in global threat databases. Always verify URLs and brand legitimacy through official channels before proceeding with any financial or document transactions. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-17 16:32:09 - Registrar: Wild West Domains, LLC - IP: 172.86.117.48 ## Detection Status - VirusTotal: 13 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/ed2e8dca-9b79-42cc-ac15-cfcf5c84a98a - PhishDestroy: https://phishdestroy.io/domain/docusignexpressfreightfinance.com/ - LLM endpoint: https://phishdestroy.io/domain/docusignexpressfreightfinance.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/docusignexpressfreightfinance.com/ Last updated: 2026-03-21