# saddem-osbrilcinnworld.mdbgo.io — MALICIOUS

> saddem-osbrilcinnworld.mdbgo.io impersonated Microsoft Outlook to steal credentials. Avoid interaction and report suspicious emails linked to this domain.

## Summary
PhishDestroy identifies saddem-osbrilcinnworld.mdbgo.io as a medium-risk brand impersonation phishing domain targeting Microsoft users. The domain mimicked Microsoft Outlook, aiming to deceive victims into revealing sensitive login credentials. This classification is based on its use of Microsoft branding and page titles consistent with Outlook services.

Technically, the domain resolved to IP address 93.105.88.216 and was registered through OVH SAS. It appeared on at least one security blocklist and was flagged by 9 out of 95 security vendors on VirusTotal, indicating moderate detection by threat intelligence tools. The domain was created on March 6, 2026, suggesting a recent attempt to exploit Microsoft’s brand reputation. The use of the mdbgo.io subdomain indicates potential abuse of a legitimate hosting or tunneling service to mask malicious activity.

Currently, saddem-osbrilcinnworld.mdbgo.io is offline and no longer accessible, reflecting a successful takedown or suspension. Users are advised to remain vigilant against emails or messages containing links to this domain or similar variants. Reporting any suspicious communications can help prevent further credential compromise. Continued monitoring of related domains and infrastructure is recommended to detect future phishing attempts leveraging Microsoft impersonation.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Microsoft
- Page title: Outlook

## Domain Intelligence
- Registered: 2026-03-06 11:07:01
- Registrar: OVH SAS
- Country: FR
- IP: 93.105.88.216
- IP Country: PL
- IP City: Warsaw
- IP Org: AS50606 Horyzont Technologie Internetowe sp.z.o.o.
- Nameservers: ["dns17.ovh.net", "ns17.ovh.net"]
- SSL Issuer: Let's Encrypt / R13

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["Cluster25", "CRDF", "CyRadar", "Emsisoft", "G-Data", "Gridinsoft", "Netcraft", "Trustwave", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc33c-478e-7415-8f45-eb4ec0a809df.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/saddem-osbrilcinnworld.mdbgo.io
- Wayback Machine: https://web.archive.org/web/https://saddem-osbrilcinnworld.mdbgo.io
- PhishDestroy: https://phishdestroy.io/domain/saddem-osbrilcinnworld.mdbgo.io/
- LLM endpoint: https://phishdestroy.io/domain/saddem-osbrilcinnworld.mdbgo.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/saddem-osbrilcinnworld.mdbgo.io/
Last updated: 2026-03-19