# r36o.xyz — MALICIOUS

> Discover the risks linked to r36o.xyz, a high-risk phishing domain now offline. Stay protected—learn how this domain operated.

## Summary
PhishDestroy identifies r36o.xyz as a high-risk phishing domain first registered on February 21, 2026. Classified under generic phishing threats, this domain was used to deceive users by impersonating legitimate entities to steal sensitive information such as login credentials and financial data.

Technical analysis reveals that r36o.xyz was flagged by 17 out of 95 security vendors on VirusTotal and appeared on one major security blocklist. Furthermore, it was associated with two distinct threat intelligence pulses recorded by AlienVault OTX, indicating active monitoring by cybersecurity communities. The domain’s infrastructure showed indications consistent with ephemeral phishing campaigns, often leveraging newly created domains to evade detection.

Currently, r36o.xyz has been taken offline, effectively halting ongoing malicious activity. This proactive status update reflects coordinated efforts by security teams to disrupt the threat. Users are advised to remain vigilant and report suspicious emails or sites resembling this domain to maintain cybersecurity hygiene.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: welcome-BET365

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 45.196.247.160
- SSL Issuer: R12

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Cluster25", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Lionic", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bafb7-f7be-7388-82ac-24db35868e6a.png
- PhishDestroy: https://phishdestroy.io/domain/r36o.xyz/
- LLM endpoint: https://phishdestroy.io/domain/r36o.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/r36o.xyz/
Last updated: 2026-03-19