# edoctransfer.com — SUSPICIOUS > edoctransfer.com is a live document theft phishing domain (0/95 VirusTotal detections). Check the full report for indicators and safety steps. ## Summary edoctransfer.com has been flagged by PhishDestroy for document theft phishing during active threat investigation. The domain mimics legitimate document transfer services to harvest sensitive files and user credentials. Interaction with this domain may result in unauthorized data extraction or account compromise, making it a high risk for organizations and individuals handling confidential documents. This domain was flagged using seed 12fd1d after analysis by multiple threat intelligence platforms. VirusTotal shows 0/95 detections indicating no current antivirus coverage. The domain resolves to IP 52.204.246.179 and is currently blocked by the OISD blocklist. It was registered via MarkMonitor, Inc. on March 25, 2009, and has appeared on one additional security blocklist. Despite using a Let's Encrypt SSL certificate, the domain’s reputation remains compromised due to its association with active phishing campaigns targeting document uploads and sharing services. To mitigate risk, users should avoid interacting with edoctransfer.com and report any suspicious activity. Organizations are advised to block the domain and IP at the network firewall level. If credentials or sensitive documents were shared, immediately rotate passwords and inspect connected accounts for unauthorized access. Monitor for unusual file upload patterns or data exfiltration attempts. Always validate document transfer sites via official channels before submitting sensitive information. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2009-03-25 15:15:52 - Registrar: MarkMonitor, Inc. - IP: 52.204.246.179 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["OISD"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/edoctransfer.com - PhishDestroy: https://phishdestroy.io/domain/edoctransfer.com/ - LLM endpoint: https://phishdestroy.io/domain/edoctransfer.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/edoctransfer.com/ Last updated: 2026-04-05