# fokus-vexfin.com — SUSPICIOUS > PhishDestroy identifies fokus-vexfin.com as a credential-theft page. Registered 12/02/25, this fraudulent site is hosted on 91.236.116. ## Summary PhishDestroy has identified fokus-vexfin.com as a credential-theft landing page under active investigation. This domain resolves to IP address 91.236.116.172 and was registered through NETIM just days ago on December 02, 2025. VirusTotal currently shows zero detections out of 95 engines, indicating this phishing asset remains undetected by most scanners. The site poses an immediate risk because it masquerades as a legitimate login portal to harvest usernames and passwords. Unlike generic phishing templates, this campaign uses a freshly minted domain that avoids immediate blacklisting, giving it a dangerous runway to collect credentials from unsuspecting visitors. If you visited fokus-vexfin.com, assume your login details were compromised. Immediately change the password you entered on the site and enable multi-factor authentication on all linked accounts. Scan your device for malware and monitor financial accounts for suspicious transactions. Report the domain to your IT team or to PhishDestroy to help block future visitors. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-12-02 11:31:09 - Registrar: NETIM - IP: 91.236.116.172 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/595a28b2-644c-49bc-b6c4-a6622e48f021 - PhishDestroy: https://phishdestroy.io/domain/fokus-vexfin.com/ - LLM endpoint: https://phishdestroy.io/domain/fokus-vexfin.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/fokus-vexfin.com/ Last updated: 2026-03-21