# westernunionsf.ricohtrac.com — MALICIOUS > westernunionsf.ricohtrac.com mimics Western Union to steal data. 17/95 security vendors flagged this active phishing site. Check the full report. ## Summary PhishDestroy identifies westernunionsf.ricohtrac.com as an active Western Union impersonation phishing domain designed to trick visitors into entering sensitive financial or personal details. This malicious site presents itself as a Western Union portal while operating under no legitimate relation to the actual money transfer service. The domain is engineered to harvest user credentials or payment information under false pretenses, making anyone who visits vulnerable to financial fraud or identity theft. This is not a legitimate Western Union site and should be avoided entirely. This domain was flagged by security vendors after 17 of 95 threat detection engines identified it as malicious. The domain was created on February 25, 2010, and is currently registered through Cloudflare, Inc., using a Let's Encrypt SSL certificate. It resolves to IP address 104.18.22.71 and continues to be actively used in phishing campaigns targeting users expecting Western Union services. The combination of an outdated domain and high detection rate strongly indicates ongoing criminal activity linked to this infrastructure. If you have visited westernunionsf.ricohtrac.com, avoid entering any personal, financial, or login information. Immediately stop all interaction with the site and disconnect from the internet if possible. Scan your device using a trusted antivirus tool and monitor accounts for suspicious transactions. Report the incident to Western Union support and your bank if any financial details were exposed. Consider changing passwords for related accounts, enable two-factor authentication, and avoid clicking links from unsolicited emails or messages claiming to be from Western Union. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2010-02-25 17:13:41 - Registrar: Cloudflare, Inc. - IP: 104.18.22.71 ## Detection Status - VirusTotal: 17 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/f058f406-7c76-42c0-a8ee-922767aa9b04 - PhishDestroy: https://phishdestroy.io/domain/westernunionsf.ricohtrac.com/ - LLM endpoint: https://phishdestroy.io/domain/westernunionsf.ricohtrac.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/westernunionsf.ricohtrac.com/ Last updated: 2026-03-22