# app-rhea.com — MALICIOUS

> app-rhea.com is a phishing domain now offline. Avoid sharing personal info and stay cautious of suspicious links.

## Summary
PhishDestroy identifies app-rhea.com as a medium-risk phishing domain designed to trick users into revealing sensitive information. This site was created recently and flagged on multiple security blocklists, indicating its malicious intent.

The phishing tactic used involves impersonating legitimate services to lure users into submitting personal data, such as login credentials or financial details. Although the domain is currently offline, it previously posed a threat by exploiting user trust.

If a user has visited app-rhea.com, they should immediately change any passwords entered, monitor accounts for unusual activity, and run a malware scan. Staying vigilant and reporting suspicious sites helps protect against future attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: RHEA Finance

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 172.67.131.136
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- SSL Issuer: WE1

## Detection Status
- VirusTotal: 8 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "Fortinet", "G-Data", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 6 hits
  Lists: ["PhishDestroy", "MetaMask", "Polkadot", "SEAL", "Enkrypt", "Codeesura"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/0198d894-e173-7389-8711-1dd05f3b0cf4.png
- PhishDestroy: https://phishdestroy.io/domain/app-rhea.com/
- LLM endpoint: https://phishdestroy.io/domain/app-rhea.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/app-rhea.com/
Last updated: 2026-03-18