# rover.ltd — MALICIOUS

> Discover if rover.ltd is safe to use. Learn about its phishing risks, flagged status, and what this means for your online security.

## Summary
PhishDestroy identifies rover.ltd as an active phishing domain posing a high risk to users. Classified under generic phishing, this domain is designed to deceive victims into divulging sensitive information. The domain’s malicious intent is confirmed by its inclusion on at least one security blocklist, emphasizing its threat level within the cybersecurity community.

Technical analysis reveals that rover.ltd resolves to the IP address 104.21.65.181. VirusTotal data indicates that 10 out of 95 security vendors have flagged this domain, reinforcing its suspicious nature. The domain’s presence on a security blocklist further corroborates the findings and suggests ongoing monitoring by threat intelligence services. These indicators collectively suggest infrastructure commonly used for phishing campaigns, making rover.ltd a domain to avoid.

Currently, rover.ltd remains active and continues to pose a significant threat to users interacting with it. PhishDestroy recommends caution and advises against providing any personal or financial information on this site. Continued surveillance and reporting to security entities are critical to mitigate the risks posed by this domain and protect potential victims from phishing attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: RoVer

## Domain Intelligence
- Registered: 2026-03-06 11:07:01
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.65.181
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["ns1.eggywall.cc", "ns2.eggywall.cc"]
- SSL Issuer: Let's Encrypt / E8

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "Lionic", "Seclookup", "SOCRadar", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc2a4-8c56-71bf-b59c-aa45c7351f4f.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/rover.ltd
- Wayback Machine: https://web.archive.org/web/https://rover.ltd
- PhishDestroy: https://phishdestroy.io/domain/rover.ltd/
- LLM endpoint: https://phishdestroy.io/domain/rover.ltd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rover.ltd/
Last updated: 2026-03-19