# collabox.net — SUSPICIOUS

> collabox.net was flagged for generic phishing activity and is now offline. Stay alert and avoid suspicious logins linked to this domain.

## Summary
PhishDestroy has identified collabox.net as a medium-risk phishing domain targeting users through a fake login page titled "Login - ET-SIGN." This type of phishing seeks to trick victims into submitting sensitive credentials, posing a serious threat to personal and organizational security. Timely identification and takedown are crucial to minimizing exposure and preventing identity theft or unauthorized access.

The domain collabox.net was registered on March 6, 2026, through NiceNIC International Group Co., Limited. It resolved to the IP address 104.21.29.106 and appeared on three security blocklists. VirusTotal flagged it on 3 out of 95 security vendors, indicating moderate detection. The overall Gridinsoft trust score was 0 out of 100, reinforcing its malicious nature. At present, collabox.net has been taken offline, disrupting ongoing phishing operations.

Users are advised to remain vigilant for phishing attempts mimicking legitimate login portals, especially those resembling ET-SIGN services. Avoid clicking suspicious links or providing credentials on unfamiliar sites. If you suspect exposure, change passwords immediately and monitor accounts for unauthorized activity. Leveraging security tools and awareness can help prevent falling victim to similar phishing campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: Login - ET-SIGN

## Domain Intelligence
- Registered: 2026-03-06 21:07:02
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.29.106
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: dara.ns.cloudflare.com lennon.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["Fortinet", "Gridinsoft", "Seclookup"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/whKQMKZX/57110c271b23.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a2251f1d-4aa9-48b3-a0ae-51928f76d527
- Wayback Machine: https://web.archive.org/web/https://collabox.net
- PhishDestroy: https://phishdestroy.io/domain/collabox.net/
- LLM endpoint: https://phishdestroy.io/domain/collabox.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/collabox.net/
Last updated: 2026-03-19