# exonvex.io — SUSPICIOUS

> Exonvex.io impersonated Ethereum in a cryptocurrency scam. The domain is now offline. Stay cautious and verify before trading crypto on unfamiliar sites.

## Summary
PhishDestroy identifies exonvex.io as a medium-risk brand impersonation threat targeting Ethereum users. The domain was used to mimic a legitimate cryptocurrency exchange, attempting to deceive victims into buying or selling Bitcoin and Ethereum through a fake platform. Such impersonation attacks can lead to significant financial loss and compromise of personal credentials, emphasizing the importance of vigilance when interacting with crypto services.

The infrastructure behind exonvex.io was relatively short-lived, with the domain registered on February 21, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED. It resolved to the IPv6 address 2606:4700:3030::ac43:da01 and appeared on one security blocklist. VirusTotal flagged the domain by 3 out of 95 security vendors, indicating some detection but not widespread coverage. Notably, the domain has since been taken offline, reducing immediate risk but not negating past threats.

Users are advised to avoid engaging with exonvex.io or similar suspicious domains impersonating trusted crypto brands like Ethereum. Always verify the authenticity of cryptocurrency exchanges by checking official websites and trusted sources. Employ security tools like browser blocklists and endpoint protection to mitigate phishing risks. If you suspect you have interacted with exonvex.io, monitor your accounts for unauthorized activity and update your credentials promptly.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ethereum
- Page title: Buy & Sell Bitcoin, Ethereum | Cryptocurrency Exchange | Exonvex

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 2606:4700:3030::ac43:da01
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["johnny.ns.cloudflare.com", "ophelia.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["Fortinet", "SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b3cf7-1788-776a-b32a-8fbff93d7fac.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/ed34f8eb-e7b9-4713-ad1f-78bde42fea3d
- PhishDestroy: https://phishdestroy.io/domain/exonvex.io/
- LLM endpoint: https://phishdestroy.io/domain/exonvex.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/exonvex.io/
Last updated: 2026-03-19