# eleve-vexmor.com — SUSPICIOUS

> eleve-vexmor.com identified as a credential theft site flagged by 1 of 95 VirusTotal vendors. Designed to harvest user credentials impersonating a legitimate.

## Summary
PhishDestroy identifies eleve-vexmor.com as an active credential theft site currently engaged in phishing operations targeting unsuspecting users. The domain is classified with an elevated risk level and remains in active status as of the latest analysis.

This domain was flagged by 1 of 95 VirusTotal vendors and blacklisted by Google Safe Browsing for SOCIAL_ENGINEERING tactics. Registered via NETIM on December 01, 2025, the domain resolves to IP address 91.236.116.172 and utilizes a Let’s Encrypt SSL certificate for deceptive legitimacy. The infrastructure shows minimal detection coverage, highlighting its stealthy nature.

Security teams are advised to block traffic to eleve-vexmor.com at the network perimeter and inspect DNS logs for related activity. Users should avoid accessing the domain and report any accidental interactions to security teams. Continuous monitoring of this domain is recommended due to its evolving threat potential.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-01 18:34:42
- Registrar: NETIM
- IP: 91.236.116.172

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e57c1164-16ec-4c8a-9738-4bee2cafb59a
- PhishDestroy: https://phishdestroy.io/domain/eleve-vexmor.com/
- LLM endpoint: https://phishdestroy.io/domain/eleve-vexmor.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/eleve-vexmor.com/
Last updated: 2026-03-22