# rhbsjncj.phantum.biz — SUSPICIOUS > Check if rhbsjncj.phantum.biz is safe. This domain hosts a PayPal credential phishing scam. View the full threat report now. ## Summary PhishDestroy identifies rhbsjncj.phantum.biz as a live PayPal credential phishing domain under active investigation. Security researchers have flagged this domain for mimicking PayPal’s login interface to harvest credentials, with evidence of hosting on a bulletproof IP infrastructure. VirusTotal currently shows 0/95 detections, indicating this threat remains undetected by most antivirus engines, while the domain was registered through Hosting Concepts B.V. (Registrar.eu) on February 18, 2026, suggesting a recent, hastily deployed campaign aimed at exploiting user trust in familiar brands. This domain resolves to IP address 82.29.199.131, which is associated with low reputation hosting providers often used by phishing actors to evade takedowns. The domain uses a valid Let’s Encrypt SSL certificate, further enhancing its deceptive appearance by displaying a padlock icon in browsers. Despite its low detection rate on VirusTotal as of the latest scan, the absence of flags does not equate to safety—this is a classic tactic where threat actors leverage free, trusted certificates to bypass browser warnings and social engineering filters. The registration date is particularly suspicious, as it falls outside normal human behavior patterns and aligns with automated domain generation algorithms often used in bulk phishing operations. Users who have visited rhbsjncj.phantum.biz should immediately check their browser history and avoid entering any login credentials. If you suspect interaction with this site, change your PayPal password immediately using the official website (paypal.com) and enable two-factor authentication. Review financial transactions for unauthorized charges and consider using a credit monitoring service. Report the domain to PayPal’s fraud team and your local cybercrime unit. Avoid clicking any links from emails or messages purporting to be from PayPal, as this domain is likely part of a larger phishing campaign using social engineering and spoofed communications. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-02-18 15:05:34 - Registrar: Hosting Concepts B.V. d/b/a Registrar.eu - IP: 82.29.199.131 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/6ea29611-1aa8-41de-ab05-98827db3b6aa - PhishDestroy: https://phishdestroy.io/domain/rhbsjncj.phantum.biz/ - LLM endpoint: https://phishdestroy.io/domain/rhbsjncj.phantum.biz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/rhbsjncj.phantum.biz/ Last updated: 2026-03-30