# ovv.pap.temporary.site — MALICIOUS > Investigating ovv.pap.temporary.site, a high-risk credential harvesting domain flagged by 10 of 95 VirusTotal vendors. ## Summary PhishDestroy identifies ovv.pap.temporary.site as an active credential harvesting phishing domain. The domain is currently operational and poses a severe risk to users through deceptive tactics aimed at stealing login credentials. No specific brand impersonation has been confirmed in the available intelligence, but the domain’s structure and behavior align with generic phishing campaigns designed for unauthorized data capture. This domain was flagged by 10 of 95 VirusTotal security vendors, indicating widespread recognition of its malicious nature. It was registered through ENOM, INC., resolves to IP address 50.6.252.207, and was created on August 04, 2023. Additionally, the domain appears on 3 security blocklists, including OpenPhish, PhishingArmy, and OISD. The domain holds an SSL certificate issued by Let's Encrypt, which may falsely imply legitimacy to unsuspecting users. Given its high-risk classification and active status, users must avoid interacting with ovv.pap.temporary.site or any associated subdomains. The presence of an SSL certificate suggests the operators are leveraging trust cues to enhance credibility, making it critical to verify URLs manually before entering sensitive information. Users should also ensure their devices are protected by updated antivirus software and report any suspected interactions with this domain to their security teams or relevant cybersecurity authorities. Network administrators are advised to block the domain and its associated IP address to prevent access within their environments. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2023-08-04 16:10:48 - Registrar: ENOM, INC. - IP: 50.6.252.207 ## Detection Status - VirusTotal: 10 vendors flagged - Google Safe Browsing: clean - Blocklists: 3 hits Lists: ["OpenPhish", "PhishingArmy", "OISD"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/ovv.pap.temporary.site - PhishDestroy: https://phishdestroy.io/domain/ovv.pap.temporary.site/ - LLM endpoint: https://phishdestroy.io/domain/ovv.pap.temporary.site/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ovv.pap.temporary.site/ Last updated: 2026-04-08