# teams.ohmybargains.com — SUSPICIOUS

> Investigating teams.ohmybargains.com for Microsoft Teams credential phishing via 2/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies teams.ohmybargains.com as an active Microsoft Teams credential phishing domain under current investigation. This domain mimics Microsoft's collaboration platform to harvest user credentials, posing a significant risk to enterprise environments.  

This domain was flagged by 2 of 95 VirusTotal vendors for phishing-related activity, with a resolution to IP 52.204.246.179. Registered through MarkMonitor, Inc., teams.ohmybargains.com was created on December 1, 2014, and currently shows no presence on major threat intelligence blocklists. The domain utilizes a Let's Encrypt SSL certificate, which may enhance its credibility in phishing lures. Its extended registration period (approaching a decade) underscores the need for proactive monitoring.  

Given the active status of this phishing campaign, immediate action is required. Organizations should block the domain at DNS and network levels, and inspect network traffic for connections to 52.204.246.179. User awareness training is strongly recommended to mitigate the risk of credential harvesting via legitimate-looking collaboration tools. Continuous monitoring for new domains mimicking Microsoft Teams is advised due to the threat actor’s potential for rapid domain rotation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2014-12-01 19:03:32
- Registrar: MarkMonitor, Inc.
- IP: 52.204.246.179

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/teams.ohmybargains.com
- PhishDestroy: https://phishdestroy.io/domain/teams.ohmybargains.com/
- LLM endpoint: https://phishdestroy.io/domain/teams.ohmybargains.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/teams.ohmybargains.com/
Last updated: 2026-04-05