# microsofthelp.rbiscam.com — MALICIOUS > PhishDestroy identifies microsofthelp.rbiscam.com as a live Microsoft impersonation domain. 12 out of 95 VirusTotal scanners flag this threat, which resolves. ## Summary PhishDestroy has flagged microsofthelp.rbiscam.com as an active Microsoft brand impersonation domain, posing an elevated risk to unsuspecting users seeking legitimate support. The domain was registered through GoDaddy.com, LLC on August 26, 2025, and currently resolves to 184.168.100.184. A Let’s Encrypt SSL certificate has been provisioned, lending a veneer of legitimacy while concealing its malicious intent. This domain was detected by 12 out of 95 VirusTotal security vendors, indicating partial but significant threat recognition across leading security platforms. With a recent creation date and the absence of any established trust scores, the domain exhibits hallmarks of a fast-turnaround phishing operation targeting Microsoft customers. The combination of a recognizable brand name, a newly registered domain, and a high-risk IP assignment underscores the urgency for proactive blocking and user awareness. Mitigation for this brand impersonation threat must focus on immediate network-level blocking via DNS sinkholing or firewall rules targeting the domain name and resolved IP address. Users should be advised to verify any Microsoft support contacts through official channels only, such as the verified support pages on microsoft.com. Security teams are encouraged to distribute this advisory internally and to update threat intelligence feeds with microsofthelp.rbiscam.com and 184.168.100.184 to prevent accidental exposure. Continuous monitoring for similar impersonation campaigns is recommended due to the evolving tactics used by threat actors leveraging trusted brand identities. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Microsoft ## Domain Intelligence - Registered: 2025-08-26 07:29:38 - Registrar: GoDaddy.com, LLC - IP: 184.168.100.184 ## Detection Status - VirusTotal: 12 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/83bed66c-9118-4f35-9676-340956219a9e - PhishDestroy: https://phishdestroy.io/domain/microsofthelp.rbiscam.com/ - LLM endpoint: https://phishdestroy.io/domain/microsofthelp.rbiscam.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/microsofthelp.rbiscam.com/ Last updated: 2026-03-24