# bearaml.org — SUSPICIOUS

> PhishDestroy identifies bearaml.org as an active phishing site with 0/95 VirusTotal detections. Users should avoid this domain and report it immediately.

## Summary
PhishDestroy identifies bearaml.org as an active phishing site posing as a legitimate entity to steal sensitive user data. This domain, registered through PDR Ltd. d/b/a PublicDomainRegistry.com on March 26, 2026, currently resolves to IP 104.21.58.183 and operates under a Let's Encrypt SSL certificate for false legitimacy. Despite its recent creation and low detection rate, bearaml.org exhibits clear phishing characteristics, including suspicious infrastructure alignment with known attack patterns.  VirusTotal currently shows bearaml.org with 0/95 security vendor detections, indicating it has not yet been widely flagged in threat intelligence feeds. The domain's recent registration date (March 26, 2026) and association with PDR Ltd., a registrar frequently implicated in bulk malicious domain registrations, further raise suspicion. While the SSL certificate adds superficial credibility, the combination of zero detections, fresh registration, and high-risk registrar association places this domain at elevated risk of being weaponized for credential harvesting or malware distribution.  Users who have visited bearaml.org should immediately cease interaction and scan their devices for unauthorized access or malware. Avoid entering any credentials or personal information on this site. Report the domain to your security team or through platforms like Google Safe Browsing, PhishTank, or your antivirus provider. Block network access to IP 104.21.58.183 at the firewall level if possible. Monitor accounts for unusual activity and enable multi-factor authentication where applicable to mitigate potential compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-26 13:30:47
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 104.21.58.183

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a6347395-81e5-4f40-9a38-5a9862307d1c
- PhishDestroy: https://phishdestroy.io/domain/bearaml.org/
- LLM endpoint: https://phishdestroy.io/domain/bearaml.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bearaml.org/
Last updated: 2026-04-13