# blink.new — SUSPICIOUS

> Warning: blink.new impersonates a login page to steal credentials. PhishDestroy flags 1/95 vendors; domain created Feb 19, 2025.

## Summary
PhishDestroy identifies blink.new as an active fake-login phishing domain that mimics legitimate login pages to harvest user credentials. Visiting this site may expose your account details to threat actors who can then abuse them for unauthorized access, financial theft, or further spear-phishing campaigns. The landing page typically replicates a well-known brand’s authentication flow, tricking users into entering their usernames and passwords. Once captured, these credentials are exfiltrated to command-and-control infrastructure controlled by the attacker, enabling follow-on attacks such as account takeover or identity fraud. Immediate action is required if you have recently visited this domain or entered any information.  

This domain was flagged by PhishDestroy after VirusTotal analysis revealed only 1 out of 95 security vendors had detected its malicious nature. Technical analysis shows the domain resolves to IP address 151.101.2.15 and is served over HTTPS using a Let’s Encrypt certificate, which helps it appear legitimate. WHOIS records indicate the domain was registered on February 19, 2025, through Namecheap Inc., a hosting provider frequently exploited by threat actors due to lax oversight and low barriers to registration. The combination of a recently created domain, low detection rate, and use of a trusted SSL issuer highlights the sophistication and stealth of this phishing campaign. We assess the risk as elevated, with potential for widespread impact given the domain’s recent activation and minimal detection coverage. Users should treat any interaction with this site as high-risk and avoid entering sensitive information.  

If you visited blink.new or entered credentials on the page, immediately change your passwords for that service and enable multi-factor authentication where available. Scan your device for malware using reputable antivirus software, as some phishing pages may deliver malicious payloads like keyloggers or remote access trojans. Report the domain to PhishDestroy and your security team for further investigation. Avoid clicking links from unsolicited emails or messages referencing this domain. Always verify URLs manually by typing the correct domain into your browser or using a trusted URL expander service. Monitor your accounts for unusual activity and consider freezing financial accounts if any credentials were shared. PhishDestroy continues to monitor this domain and will update advisories as new intelligence emerges. Proactive vigilance and prompt response are essential to reduce the risk of credential compromise and downstream attacks.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-19 23:36:16
- Registrar: Namecheap Inc.
- IP: 151.101.2.15

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ce2d3b77-6d71-4c7b-a417-25762190606f
- PhishDestroy: https://phishdestroy.io/domain/blink.new/
- LLM endpoint: https://phishdestroy.io/domain/blink.new/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/blink.new/
Last updated: 2026-03-26