# r.toproxy.cc — MALICIOUS

> r.toproxy.cc is flagged for phishing and is currently offline. Avoid interacting with this domain to protect your personal data and security.

## Summary
PhishDestroy identifies r.toproxy.cc as a high-risk generic phishing domain. Phishing threats like this are critical because they can deceive users into revealing sensitive information such as passwords, credit card details, or personal data, potentially leading to identity theft or financial loss. The domain's malicious intent underscores the importance of recognizing and avoiding suspicious web addresses.

The infrastructure behind r.toproxy.cc shows telltale signs of phishing activity. The domain was registered recently on February 21, 2026, through NiceNIC International Group Co., Limited, and has appeared on at least one security blocklist. VirusTotal analysis reveals that 15 out of 95 security vendors flagged the domain, reinforcing its suspicious nature. Currently, the domain is taken offline and returns a "403 Forbidden" error, which may prevent access but does not guarantee safety due to its flagged history.

Users are strongly advised to avoid visiting r.toproxy.cc or providing any personal information if encountered. If you have interacted with the domain recently, consider monitoring your accounts for unusual activity and update your passwords. Employing up-to-date security software and practicing caution with unknown links remain essential steps to safeguard against phishing threats like those posed by r.toproxy.cc.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: 403 Forbidden

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- Nameservers: ["a.dnspod.com", "c.dnspod.com"]

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bc2d0-65f7-70bf-b60f-a0ecd73dc1c2.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a45bb248-9559-490b-ac60-7faca9101d0a
- PhishDestroy: https://phishdestroy.io/domain/r.toproxy.cc/
- LLM endpoint: https://phishdestroy.io/domain/r.toproxy.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/r.toproxy.cc/
Last updated: 2026-03-19