# wildrobin.cc — SUSPICIOUS

> wildrobin.cc mimics the real Robinhood login page to steal credentials. This phishing site has 0/95 VirusTotal detections—full risk analysis inside.

## Summary
PhishDestroy identifies wildrobin.cc as an active fake Robinhood login phishing domain operating with a high-risk threat model targeting financial credentials. This domain was flagged under the 'generic_phishing' category due to its clear intent to impersonate a legitimate financial service platform for credential harvesting and potential fund theft.


All available technical indicators confirm elevated risk. The domain resolves to IP address 172.67.166.71, is registered through Gname.com Pte. Ltd., and holds a valid Let's Encrypt SSL certificate. The domain was created on March 17, 2026—indicating extremely recent deployment consistent with fast-moving phishing campaigns. As of the latest scan, VirusTotal reports 0 detections out of 95 scanners, suggesting this domain is currently under the radar of most automated defenses. There are no current listings on major blocklists such as Google Safe Browsing, PhishTank, OpenPhish, or URLVoid, further highlighting its stealthy nature.


Immediate mitigation is required for users and organizations. Block wildrobin.cc and 172.67.166.71 at the network and DNS levels. Users should verify any Robinhood-related login links by manually typing the official domain (robinhood.com) into their browser and enabling two-factor authentication. Financial institutions should monitor for unauthorized credential use and flag transactions originating from sessions associated with this domain. Given the domain's recent creation and zero detection rate, organizations are advised to treat this as a high-confidence threat and update their threat intelligence feeds accordingly. This assessment will be updated as new data becomes available.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-17 00:00:23
- Registrar: Gname.com Pte. Ltd.
- IP: 172.67.166.71

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/wildrobin.cc
- PhishDestroy: https://phishdestroy.io/domain/wildrobin.cc/
- LLM endpoint: https://phishdestroy.io/domain/wildrobin.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wildrobin.cc/
Last updated: 2026-04-04