# auths-collab.land — SUSPICIOUS

> PhishDestroy identifies auths-collab.land as a Microsoft 365 credential harvesting site. 0/95 VirusTotal vendors flagged yet. Check the full report.

## Summary
PhishDestroy identifies auths-collab.land as a live Microsoft 365 credential-harvesting phishing domain currently under active investigation.

This domain exhibits classic indicators of a phishing operation targeting enterprise Microsoft cloud services. VirusTotal confirms zero detections (0/95 vendors as of seed a53917), indicating evasion of baseline detection systems. The infrastructure maps to AS13335 (Cloudflare) via IP 172.67.206.109, utilizing a Let’s Encrypt TLS certificate to enhance legitimacy. Registered through PDR Ltd. d/b/a PublicDomainRegistry.com on March 23, 2026, the domain is less than one day old and currently unlisted on major blocklists, contributing to its stealth profile and increased risk to unprotected users.

The domain remains active and poses a tangible threat to individuals and organizations relying on Microsoft 365 authentication workflows. PhishDestroy recommends immediate domain blocking at the network perimeter and user-level, DNS sinkholing, and disabling autofill for saved credentials on login prompts. Organizations should deploy real-time email filtering for URLs matching this domain and conduct end-user phishing awareness training focused on domain age, SSL usage, and spoofed login portals. Monitor SIEM logs for failed login attempts targeting Microsoft 365 services and investigate any successful authentications originating from this domain.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-23 18:19:08
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 172.67.206.109

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9836bd3c-da52-49fa-a433-c3963a376a24
- PhishDestroy: https://phishdestroy.io/domain/auths-collab.land/
- LLM endpoint: https://phishdestroy.io/domain/auths-collab.land/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/auths-collab.land/
Last updated: 2026-03-24