# 0efc87c2a1aaaf03e72d6f971113a2a1.info — SUSPICIOUS

> 0efc87c2a1aaaf03e72d6f971113a2a1.info was flagged for phishing. Stay alert and avoid sharing personal info on suspicious sites.

## Summary
PhishDestroy identifies 0efc87c2a1aaaf03e72d6f971113a2a1.info as a medium-risk phishing domain. This website was associated with generic phishing attempts, aiming to deceive users into revealing sensitive information. While not among the most aggressive threats, the domain's nature warrants caution when encountered.

Technical details reveal the domain resolves to IP address 169.40.135.224. VirusTotal scans indicate that 3 out of 95 security vendors have detected this domain, suggesting limited but credible suspicion signals. The domain's infrastructure and setup align with typical phishing operations, leveraging obscured domain names to evade casual detection.

Currently, 0efc87c2a1aaaf03e72d6f971113a2a1.info is taken offline, reducing immediate risk to users. PhishDestroy recommends users remain vigilant and avoid interacting with domains that exhibit similar suspicious patterns. Employing updated security solutions and verifying website legitimacy before sharing personal data are essential practices to mitigate phishing-related threats.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: 403 Forbidden

## Domain Intelligence
- Registered: 2026-03-06 15:07:01
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 169.40.135.224
- IP Country: DE
- IP City: Aachen
- IP Org: AS209274 Kraken Network ISP LTD
- Nameservers: ["ns1.erans.ru", "ns2.erans.ru"]
- SSL Issuer: Default Company Ltd

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["CRDF", "Fortinet", "Gridinsoft"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc382-0d60-7534-be49-b57ba5c40032.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/0efc87c2a1aaaf03e72d6f971113a2a1.info
- Wayback Machine: https://web.archive.org/web/https://0efc87c2a1aaaf03e72d6f971113a2a1.info
- PhishDestroy: https://phishdestroy.io/domain/0efc87c2a1aaaf03e72d6f971113a2a1.info/
- LLM endpoint: https://phishdestroy.io/domain/0efc87c2a1aaaf03e72d6f971113a2a1.info/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/0efc87c2a1aaaf03e72d6f971113a2a1.info/
Last updated: 2026-03-19