# hoerix.com — SUSPICIOUS

> hoerix.com is tracking a live credential theft campaign with 0/95 VirusTotal detections. Security teams are urged to block and monitor this domain immediately.

## Summary
PhishDestroy identifies hoerix.com as a credential theft site posing as a legitimate service to harvest user login details. This domain was flagged due to its recent registration, low detection rate, and suspicious infrastructure choices. Users who visited this site should change passwords immediately and scan devices for malware.


This domain was created on March 30, 2026, and is currently resolving to IP address 104.21.31.50. It is registered through Metaregistrar BV and secured with a Let’s Encrypt SSL certificate, tactics commonly used to appear legitimate. VirusTotal currently shows zero detections out of 95 security engines, indicating it has not yet been widely recognized as malicious. The combination of recent creation, low detection rate, and standard HTTPS setup suggests this site is still in early deployment, likely targeting unsuspecting visitors through phishing emails or social media links.


If you visited hoerix.com, assume your login credentials may have been compromised. Immediately change passwords for any accounts you entered, especially if reused across services. Enable two-factor authentication where available and monitor linked email addresses for unusual activity. Run a full antivirus scan on your device to detect any keyloggers or malware. Avoid using saved passwords or autofill features on browsers going forward. Report the domain to your security team or via platforms like PhishDestroy to help block future access.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-30 12:53:09
- Registrar: Metaregistrar BV
- IP: 104.21.31.50

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/hoerix.com
- PhishDestroy: https://phishdestroy.io/domain/hoerix.com/
- LLM endpoint: https://phishdestroy.io/domain/hoerix.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hoerix.com/
Last updated: 2026-04-04