# alldomains.plus — SUSPICIOUS

> alldomains.plus was identified as a low-risk phishing site. The domain is currently offline. Avoid interaction and ensure your credentials remain secure.

## Summary
PhishDestroy has identified alldomains.plus as a domain involved in generic phishing activities, posing a low-level risk to users. The site exhibited suspicious behavior aimed at deceiving visitors, potentially to collect sensitive information. Although the threat level is low, users should remain vigilant when encountering unfamiliar domains.

The domain alldomains.plus was registered through PDR Ltd. d/b/a PublicDomainRegistry.com with a creation date of February 21, 2026. It resolved to the IP address 104.21.14.134. VirusTotal scans flagged the domain by 2 out of 95 security vendors, and it appears on one security blocklist, indicating some recognition of its malicious intent. The page title 'Just a moment...' suggests attempts to obscure phishing activities.

Currently, alldomains.plus is offline, reducing the immediate risk to users. PhishDestroy recommends avoiding any interaction with this domain and advises users to maintain updated security software and practice caution with unsolicited links. Monitoring for any future reactivation of the domain is also advised to prevent renewed phishing attempts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: Just a moment...

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- IP: 104.21.14.134
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["jay.ns.cloudflare.com", "heidi.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["CRDF", "Gridinsoft"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01999b2c-1013-73ba-9e7e-d6b886eea0a0.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/4ee94e93-5572-446b-a750-72d20fee03f7
- PhishDestroy: https://phishdestroy.io/domain/alldomains.plus/
- LLM endpoint: https://phishdestroy.io/domain/alldomains.plus/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/alldomains.plus/
Last updated: 2026-03-19