# rbfcuus.group — SUSPICIOUS

> Stay safe from phishing attacks on rbfcuus.group. Avoid entering credentials and verify official sources to protect your banking info.

## Summary
PhishDestroy identifies rbfcuus.group as a medium-risk phishing domain impersonating RBFCU’s online banking login page. This site aimed to steal user credentials through deceptive tactics.

The domain was registered recently on March 11, 2026, and resolves to IP 188.114.97.3. It appeared on three security blocklists and was flagged by three security vendors on VirusTotal, indicating suspicious activity aligned with phishing behavior.

Currently, the domain is offline and inaccessible. Users are advised to avoid interacting with suspicious links, verify URLs carefully, and report any phishing attempts. Continuous monitoring is recommended to prevent future threats from this infrastructure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 404)
- Page title: RBFCU | Login & Online Banking

## Domain Intelligence
- Registered: 2026-03-11 15:07:01
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: elliott.ns.cloudflare.com pam.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["Gridinsoft", "Netcraft", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce20f-f540-764a-8b66-6fde8f95f2ef.png
- PhishDestroy: https://phishdestroy.io/domain/rbfcuus.group/
- LLM endpoint: https://phishdestroy.io/domain/rbfcuus.group/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rbfcuus.group/
Last updated: 2026-03-19