# go-doc.ru — MALICIOUS

> go-doc.ru is a credential-harvesting phishing site blocked by 16/95 VirusTotal scanners. Learn how to identify and avoid this high-risk scam.

## Summary
PhishDestroy identifies go-doc.ru as a live credential-harvesting webpage designed to steal login details. Visitors are shown fake document-upload forms that mimic popular cloud services, luring users into entering their real credentials which are immediately sent to attacker-controlled servers.

This domain was flagged by 16 of 95 VirusTotal security vendors, registered on September 9, 2020 via REGRU-RU, and resolves to IP address 37.140.192.171. It is also blocked by PhishingArmy, Hagezi, and OISD, and secured with a Let’s Encrypt SSL certificate to appear trustworthy.

If you visited go-doc.ru, avoid entering any personal information. Close the page immediately and run a full antivirus scan. Change passwords only on sites you trust after confirming no keystroke loggers are active on your device.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2020-09-09 16:51:46
- Registrar: REGRU-RU
- IP: 37.140.192.171

## Detection Status
- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishingArmy", "Hagezi", "OISD"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/go-doc.ru
- PhishDestroy: https://phishdestroy.io/domain/go-doc.ru/
- LLM endpoint: https://phishdestroy.io/domain/go-doc.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/go-doc.ru/
Last updated: 2026-04-10