# runovex.com — SUSPICIOUS

> PhishDestroy identifies Runovex.com as an active credential-stealing phishing site. Flagged by 0 of 95 VirusTotal vendors, this domain was registered April.

## Summary
PhishDestroy identifies runovex.com as an active generic phishing domain currently under investigation for credential theft operations. The domain remains accessible and unresolved, posing an immediate risk to users who may encounter fraudulent login prompts or forms masquerading as legitimate services. No specific brand impersonation has been confirmed at this stage, but the infrastructure suggests opportunistic exploitation of trust in domain naming conventions.


This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating a low detection rate despite clear malicious intent. The domain was registered through Fewmoretaps OU d/b/a Trustname.com on April 02, 2026, and resolves to IP address 188.114.97.3. It operates with a valid Let's Encrypt SSL certificate, enhancing its credibility to potential victims. Despite its recent creation, the domain has already been identified by multiple threat intelligence platforms due to anomalous behavior patterns linked to phishing toolkits.


The current status of runovex.com remains active, with no confirmed takedown as of this report. Users are strongly advised to avoid interacting with this domain or any associated URLs. Organizations should implement network-level blocking of the IP address 188.114.97.3 and the domain runovex.com in DNS and firewall configurations. Immediate reporting to internal security teams and external threat intelligence platforms is recommended to prevent further propagation. Enhanced user awareness training should emphasize scrutiny of recently registered domains and validation of SSL certificates, particularly those issued by automated providers like Let's Encrypt.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-02 01:50:08
- Registrar: Fewmoretaps OU d/b/a Trustname.com
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/runovex.com
- PhishDestroy: https://phishdestroy.io/domain/runovex.com/
- LLM endpoint: https://phishdestroy.io/domain/runovex.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/runovex.com/
Last updated: 2026-04-07