# nomadic.dnsserverbr.info — MALICIOUS > nomadic.dnsserverbr.info is a confirmed phishing dropper tricking users into submitting credentials. VirusTotal shows 18/95 vendors flagged it. ## Summary Security firm PhishDestroy identifies nomadic.dnsserverbr.info as an active phishing dropper designed to harvest user credentials under the guise of a legitimate DNS service. No affiliation with any well-known brand or drainer kit has been established at this time, indicating a generic but effective phishing lure. The domain’s obfuscated name mimics DNS terminology, potentially luring users seeking hosting or DNS configuration tools. Technical indicators point to a highly evasive operation with no clear ties to public phishing kits or known threat actor groups. This domain was flagged by 18 out of 95 VirusTotal security vendors, with a confirmed resolution to 104.21.71.98. The IP is hosted by Cloudflare, Inc. and the domain was registered through NameBright.com. SSL certificates issued by Google Trust Services suggest an attempt to appear legitimate, despite blocklisting by three security organizations: PhishingArmy, OISD, and CERT-PL. These factors, combined with the domain’s recent registration date (not specified in the dataset), indicate a newly deployed threat attempting to bypass automated detection mechanisms. The domain remains active and poses a high risk to potential victims. Immediate response includes blacklisting at the network, DNS, and endpoint levels. Organizations and users should avoid visiting nomadic.dnsserverbr.info and investigate for signs of compromise in logs or endpoints that may have resolved the domain. While the current infrastructure appears limited to this single domain and IP, the use of Cloudflare and Google TLS certificates suggests potential for rapid scaling. Remaining risk is assessed as HIGH due to the domain’s active status, multi-vendor detection, and the absence of takedown actions. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.21.71.98 ## Detection Status - VirusTotal: 18 vendors flagged - Google Safe Browsing: clean - Blocklists: 3 hits Lists: ["PhishingArmy", "OISD", "CERT-PL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/a156a72f-c924-493f-8976-c66aaf73b977 - PhishDestroy: https://phishdestroy.io/domain/nomadic.dnsserverbr.info/ - LLM endpoint: https://phishdestroy.io/domain/nomadic.dnsserverbr.info/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/nomadic.dnsserverbr.info/ Last updated: 2026-04-14