# monvexa1.netlify.app — SUSPICIOUS > Investigation into monvexa1.netlify.app reveals a crypto drainer phishing page flagged by 2 of 95 VirusTotal vendors. Resolves to 63.176.8.218. ## Summary PhishDestroy identifies monvexa1.netlify.app as an active crypto drainer phishing domain deployed via Netlify infrastructure. The malicious domain is currently engaged in credential and cryptocurrency theft operations, posing an elevated threat to users interacting with fraudulent web3 or financial portals. This domain was flagged by 2 of 95 VirusTotal security vendors at the time of analysis, indicating limited but credible detection coverage. The domain resolves to the IPv4 address 63.176.8.218 and is hosted through Netlify, a platform frequently abused for phishing due to its legitimate appearance and rapid deployment capabilities. Historical WHOIS data suggests recent registration; however, Netlify’s anonymized registration services obscure full attribution. Despite low blocklist presence, the domain’s use of a cryptocurrency-related lure mechanism amplifies risk, particularly for blockchain users. Given the active status and confirmed malicious intent, immediate containment is advised. Network defenders should block traffic to monvexa1.netlify.app and 63.176.8.218 at DNS and firewall levels. Users are urged to avoid interacting with this domain and verify any cryptocurrency-related URLs independently. Implement behavioral detection rules for outbound connections to this IP to prevent data exfiltration in enterprise environments. Threat intelligence feeds should be updated to include this indicator under crypto drainer campaigns. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Netlify - IP: 63.176.8.218 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - PhishDestroy: https://phishdestroy.io/domain/monvexa1.netlify.app/ - LLM endpoint: https://phishdestroy.io/domain/monvexa1.netlify.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/monvexa1.netlify.app/ Last updated: 2026-03-26