# office.bluedoc.uk — MALICIOUS

> office.bluedoc.uk is impersonating Microsoft Office 365 to steal credentials. Flagged by 17 of 95 VirusTotal vendors, block your login immediately.

## Summary
PhishDestroy identifies office.bluedoc.uk as an active generic phishing domain impersonating Microsoft Office 365 to harvest user credentials.

This domain was flagged by 17 of 95 VirusTotal security vendors, registered through Cloudflare, Inc., resolving to IP 167.172.199.98. The domain was created on March 19, 2026, and is listed on Google Safe Browsing under SOCIAL_ENGINEERING with a Let’s Encrypt SSL certificate.

The threat is currently active and poses a high risk to users. PhishDestroy recommends blocking the domain at the network level, avoiding interaction, and reporting the URL to security teams via Google Safe Browsing or local CERT. Users who have accessed the site should change passwords immediately and enable multi-factor authentication where applicable.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-19 00:00:00
- Registrar: Cloudflare, Inc. [Tag = CLOUDFLARE]
- IP: 167.172.199.98

## Detection Status
- VirusTotal: 17 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/97e97975-5b10-4674-a78c-5e8e4b90e1bb
- PhishDestroy: https://phishdestroy.io/domain/office.bluedoc.uk/
- LLM endpoint: https://phishdestroy.io/domain/office.bluedoc.uk/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/office.bluedoc.uk/
Last updated: 2026-03-23