# blur-world.xyz — MALICIOUS

> blur-world.xyz is linked to generic phishing and under investigation. Learn about its risk and technical details to stay protected.

## Summary
PhishDestroy identifies blur-world.xyz as a domain associated with generic phishing activities. Although the domain has not yet been flagged by any major security vendors, its recent creation and suspicious usage patterns warrant close monitoring. The exact nature of the phishing attempt remains under investigation as no explicit malicious content has been confirmed at this stage.

The domain blur-world.xyz was registered on March 4, 2026, through PDR Ltd., operating as PublicDomainRegistry.com. It resolves to the IP address 104.21.51.115, a server that currently has no known links to established phishing campaigns. VirusTotal analysis shows zero detections among 95 scanners, indicating either a novel threat or a low-profile phishing attempt that has not yet triggered traditional detection mechanisms. This infrastructure profile suggests early-stage activity or an evolving threat.

As blur-world.xyz remains active with an ongoing risk assessment, PhishDestroy recommends maintaining heightened vigilance. Users and organizations are advised to block access to this domain preemptively and monitor for any suspicious communications referencing blur-world.xyz. Security teams should also consider implementing domain reputation monitoring tools and ensure employee phishing awareness training is up to date to mitigate potential risks posed by emerging phishing threats like this.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Blur
- Page title: Airdrop Claim

## Domain Intelligence
- Registered: 2026-03-07 03:07:01
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- IP: 104.21.51.115
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["demi.ns.cloudflare.com", "eoin.ns.cloudflare.com"]
- SSL Issuer: none

## Detection Status
- VirusTotal: 19 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "SOCRadar", "Sophos", "Trustwave", "URLQuery", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/Zp6bLcxb/b4dcc697bca7.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/95b22ed7-1e95-4811-ab81-300f15e3b597
- Wayback Machine: https://web.archive.org/web/https://blur-world.xyz
- PhishDestroy: https://phishdestroy.io/domain/blur-world.xyz/
- LLM endpoint: https://phishdestroy.io/domain/blur-world.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/blur-world.xyz/
Last updated: 2026-03-19