# fesonax.com — SUSPICIOUS

> fesonax.com identified as an active crypto drainer phishing domain. VT score 1/95, Let's Encrypt SSL. Do not interact, report immediately.

## Summary

PhishDestroy identifies fesonax.com as an active generic phishing domain leveraging credential theft tactics, specifically targeting cryptocurrency users. The domain was registered on March 02, 2026 through GMO Internet, Inc. and resolves to IP 172.67.153.154 with a valid Let's Encrypt SSL certificate. Security telemetry from VirusTotal indicates 1 out of 95 vendors flag this domain, suggesting early-stage deployment with limited detection coverage. While no specific crypto drainer kit or impersonated brand has been confirmed in this instance, the domain’s configuration and recent creation date align with common phishing infrastructure patterns observed in credential harvesting campaigns targeting financial services and digital asset platforms.

Technical indicators reveal critical risk factors:

- The VirusTotal detection ratio remains exceptionally low at 1/95 security vendors, indicating evasive deployment.
- The domain was registered via GMO Internet, Inc., a known hosting provider implicated in malicious domains.
- The IP 172.67.153.154 is associated with Cloudflare infrastructure, commonly leveraged for phishing obfuscation.
- The domain is only days old, suggesting opportunistic or automated deployment.
- The presence of a legitimate SSL certificate increases user trust manipulation potential.

The combination of young age, low detection coverage, and Cloudflare-backed infrastructure characterizes a high-risk, fast-moving phishing domain with potential for rapid expansion.

As of current assessment, fesonax.com is actively resolving and remains unblocked by major threat intelligence systems. Users accessing this domain risk credential theft and potential cryptocurrency loss through social engineering or fake login portals.
Immediate remediation includes DNS blocking at the network perimeter, user awareness training, and submission to threat intelligence feeds. Remaining risk is elevated due to low detection coverage and active deployment. Security teams are advised to treat this domain as hostile and block all associated IPs and domains. While the specific payload and targeting scope remain under investigation, the combination of technical indicators and behavioral patterns confirms an elevated threat level requiring proactive containment and monitoring.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-02 17:06:14
- Registrar: GMO Internet, Inc.
- IP: 172.67.153.154

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/fesonax.com
- PhishDestroy: https://phishdestroy.io/domain/fesonax.com/
- LLM endpoint: https://phishdestroy.io/domain/fesonax.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/fesonax.com/

Last updated: 2026-04-07