# gobexa.com — SUSPICIOUS

> gobexa.com is a newly flagged fake payment processor domain (created April 2026) hosting a generic phishing page.

## Summary
PhishDestroy identifies gobexa.com as an active generic phishing domain registered on April 03, 2026, with a Let's Encrypt SSL certificate. This domain is currently under investigation for impersonating legitimate financial services (payment processors) to harvest user credentials and cryptocurrency. While no specific brand or drainer kit payload has been confirmed in available telemetry, the absence of VirusTotal detections (0/95) suggests evasion tactics or a newly deployed threat actor infrastructure. Domain registration through NICENIC INTERNATIONAL GROUP CO., LIMITED, and hosting on IP 188.114.96.3—shared with known malicious campaigns—further corroborates its malicious intent.  Domain analysis reveals critical technical indicators: a 0/95 VirusTotal detection ratio, registration via NICENIC INTERNATIONAL GROUP CO., LIMITED, resolution to IP 188.114.96.3, and a creation date of April 03, 2026. The domain employs a Let's Encrypt SSL certificate, likely to mislead users into believing it is legitimate. As of this report, no blocklist entries have been recorded in PhishDestroy’s systems, indicating its relative novelty. Threat actors commonly exploit newly registered domains with short lifespans to evade detection, making immediate scrutiny essential.  The current status of gobexa.com is active and under investigation (Unique Seed: 19961f). Affected users should immediately block the domain at network and endpoint levels, avoid any form of interaction, and report credentials or cryptocurrency wallet exposures to relevant authorities. While the immediate risk remains high due to its recency and low detection rate, coordinated takedown efforts and sandbox analysis are underway. Remaining risk hinges on rapid containment; however, users are strongly advised to treat this domain as hostile until further forensic validation confirms its dissipation or transformation into benign infrastructure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-03 20:14:54
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/gobexa.com
- PhishDestroy: https://phishdestroy.io/domain/gobexa.com/
- LLM endpoint: https://phishdestroy.io/domain/gobexa.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gobexa.com/
Last updated: 2026-04-07