# vexosa155.vg — SUSPICIOUS

> PhishDestroy identifies vexosa155.vg as an active generic phishing domain flagged by VirusTotal with 0/95 detections. Check the full report.

## Summary
PhishDestroy identifies vexosa155.vg as an active generic phishing domain posing an ongoing threat to unsuspecting users. This domain, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, was created on March 21, 2026, and resolves to the IP address 188.114.97.3. The domain utilizes a Let's Encrypt SSL certificate, a common tactic to lend false legitimacy to phishing pages. As of current analysis, VirusTotal shows 0 detections out of 95 security vendors, indicating a low initial flagging rate despite active malicious operations. With no presence on major blocklists or trust score repositories at this time, the domain remains unchecked and poses a latent but immediate risk to users who may encounter it through misleading links or impersonation campaigns.  This domain was flagged under the generic phishing threat category following routine behavioral analysis. Its technical profile includes minimal detection coverage (0/95) on VirusTotal, a high-risk hosting IP (188.114.97.3), and a recently established registration date (March 21, 2026). The use of a legitimate-looking SSL certificate via Let's Encrypt further obscures its malicious intent, increasing the likelihood of successful deception. The registrar, NICENIC INTERNATIONAL GROUP CO., LIMITED, has been associated with multiple phishing and fraudulent domains in the past, though not all domains registered through this entity are malicious. Current intelligence suggests this domain is part of an emerging campaign, likely in early deployment stages, with potential to escalate rapidly.  To mitigate exposure to vexosa155.vg and similar generic phishing domains, users should avoid clicking on unsolicited links and verify domain authenticity through independent sources. Organizations are advised to implement DNS filtering to block known malicious domains and monitor outbound traffic for connections to 188.114.97.3. Immediate reporting of this domain to threat intelligence platforms and local CERT teams is recommended to accelerate remediation and prevent propagation. Users who suspect interaction with this domain should perform a full security scan and reset credentials used on suspicious sites. Proactive threat sharing and domain reputation monitoring remain critical in combating rapidly evolving phishing campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-21 10:26:49
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/vexosa155.vg
- PhishDestroy: https://phishdestroy.io/domain/vexosa155.vg/
- LLM endpoint: https://phishdestroy.io/domain/vexosa155.vg/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/vexosa155.vg/
Last updated: 2026-04-04