# omquisofy.digital — MALICIOUS

> omquisofy.digital hosted a high-risk crypto drainer phishing scam. Stay alert, avoid suspicious crypto sites, and protect your assets now.

## Summary
PhishDestroy identifies omquisofy.digital as a high-risk crypto drainer domain associated with fraudulent activity targeting cryptocurrency users. The domain was designed to steal digital assets by luring victims into deceptive schemes. Due to its malicious nature, it appeared on multiple security blocklists and was flagged by numerous antivirus vendors before being taken offline.

This phishing campaign operated under the guise of an ICO platform titled "Helvionex - ICO & Crypto." It tricked users into entering sensitive wallet credentials or private keys, enabling attackers to drain cryptocurrency funds directly from compromised accounts. The domain resolved to an IP address linked with suspicious activity and was registered using a known registrar, indicating a deliberate effort to evade detection.

Users should avoid interacting with domains like omquisofy.digital and refrain from providing private wallet information to untrusted platforms. Regularly updating security software, verifying URLs carefully, and using dedicated hardware wallets can mitigate risk. If exposure occurs, immediately move affected funds to secure wallets and report suspicious sites to security authorities.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Helvionex - ICO & Crypto

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Expires: 2026-11-21 00:00:00
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- IP: 104.21.90.58
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: maxine.ns.cloudflare.com noah.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 21 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Certego", "Cluster25", "CRDF", "CyRadar", "DNS8", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Kaspersky", "Lionic", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bf93b-917a-733e-868e-5f85d81e6d77.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/832dd1ea-27b1-4788-9264-db26c340ba6e
- PhishDestroy: https://phishdestroy.io/domain/omquisofy.digital/
- LLM endpoint: https://phishdestroy.io/domain/omquisofy.digital/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/omquisofy.digital/
Last updated: 2026-03-19