# vyroget152.to — SUSPICIOUS > PhishDestroy identifies vyroget152.to as a live credential theft page. VirusTotal shows 0/95 detections while OISD already blocks it. Check the full report. ## Summary PhishDestroy identifies vyroget152.to as an active credential-theft endpoint designed to harvest user login details under the guise of a legitimate service. The domain resolves to IP 66.198.225.40 and is currently serving a live phishing page that mimics a login portal, tricking visitors into entering their credentials. Security telemetry confirms this is a targeted attack against unsuspecting users, not a mass spam campaign, making it particularly dangerous due to its selective and deceptive nature. This domain was flagged with a high-risk profile: VirusTotal shows zero detections out of 95 engines, indicating it is currently under the radar of mainstream security tools. The domain was registered through Gname.com Pte. Ltd. on March 13, 2026, and is already listed on one security blocklist—specifically blocked by OISD. The presence of a Let's Encrypt SSL certificate further enhances its credibility, masking malicious intent behind standard web encryption practices. These technical indicators suggest an emerging threat that is actively evading detection while preparing to harvest sensitive user data. If you have visited vyroget152.to, immediately change any passwords entered on the site and enable multi-factor authentication on all affected accounts. Scan your device with updated antivirus software to detect any residual malware or credential-stealing scripts. Report the domain to your IT security team or via PhishDestroy’s portal to contribute to collective threat intelligence. Avoid re-engaging with this domain, as it remains active and poses an ongoing credential theft risk. Stay vigilant and verify URLs through trusted sources before entering any login details. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-13 19:22:18 - Registrar: Gname.com Pte. Ltd. - IP: 66.198.225.40 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["OISD"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/vyroget152.to - PhishDestroy: https://phishdestroy.io/domain/vyroget152.to/ - LLM endpoint: https://phishdestroy.io/domain/vyroget152.to/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/vyroget152.to/ Last updated: 2026-04-04