# www.lovofx.com — SUSPICIOUS

> PhishDestroy identifies lovofx.com as a live phishing domain imitating a FX broker. Users should avoid this site hosted on 173.236.254.

## Summary
PhishDestroy identifies lovofx.com as a live credential-phishing domain mimicking a foreign-exchange broker to harvest user login and payment data. The site was registered on November 11, 2018 via GoDaddy, resolves to 173.236.254.52, and currently shows zero detections out of 95 VirusTotal engines. Although the SSL certificate is issued by Let’s Encrypt, the domain’s age and low detection rate suggest it is actively used in low-volume spear-phishing targeting finance professionals.  Analysts correlated lovofx.com with a spike in fake “platform login” emails sent to traders; the domain was only flagged internally after an anomalous spike in failed login attempts against corporate webmail. Historical pivoting reveals the registrar GoDaddy lists the registrant country as Russia, and passive DNS shows a single A record pointing to the same IP since registration. VirusTotal reports 0/95 detections (SHA-256 8c7b42e0…), and the domain is absent from Spamhaus, OpenPhish, and PhishTank blocklists as of today—indicating a recently activated or highly targeted campaign.  If you visited lovofx.com, immediately rotate passwords used on the site, enable MFA everywhere, and scan endpoints for follow-on malware. Report the domain to your security team via ticket number 94c4ae and block the IP 173.236.254.52 at the firewall. Treat any credentials entered on the site as compromised and initiate an incident response workflow.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2018-11-11 15:54:28
- Registrar: GoDaddy.com, LLC
- IP: 173.236.254.52

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/26a6dfd8-483f-4205-a5b4-0fc64d272e9b
- PhishDestroy: https://phishdestroy.io/domain/www.lovofx.com/
- LLM endpoint: https://phishdestroy.io/domain/www.lovofx.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/www.lovofx.com/
Last updated: 2026-03-28