# getstarted-onboarding.com — MALICIOUS > PhishDestroy identifies getstarted-onboarding.com as an Evilginx phishing page hosting fake onboarding portals. ## Summary PhishDestroy identifies getstarted-onboarding.com as an active Evilginx phishing site designed to harvest login credentials under the guise of a user onboarding portal. By impersonating legitimate authentication flows, the domain lures visitors into entering their usernames and passwords into counterfeit forms that forward credentials to attacker-controlled servers. This technique, known as adversary-in-the-middle, allows criminals to bypass multi-factor authentication by intercepting session tokens in real time. The page relies on social engineering rather than technical exploits, making it particularly deceptive for users expecting routine account setup. This domain was flagged by exactly five out of ninety-five VirusTotal security vendors within hours of detection, indicating limited but concerning recognition. The domain was created on October 1, 2025, less than one week ago, and is registered through ENOM, INC., a large domain registrar commonly used by malicious actors due to lax identity verification. Its SSL certificate, issued by Google Trust Services, contributes to its appearance of legitimacy despite being newly minted and already resolving to IP address 188.114.96.3. The domain has also been blocked by Maltrail and appears on one additional security blocklist, underscoring its immediate threat profile and rapid dissemination among defensive systems. If you visited getstarted-onboarding.com, assume your credentials may have been compromised. Immediately change the passwords for any accounts you entered on the site and enable multi-factor authentication if not already active. Check your account activity for unusual logins or transactions, especially within the past hour. Notify your organization’s security team or your email provider if the site targeted corporate credentials. Consider revoking any session tokens or OAuth grants issued around the time of your visit. To prevent future exposure, bookmark only official domains and verify URLs through official channels before entering sensitive information. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-10-01 00:17:58 - Registrar: ENOM, INC. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 5 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["Maltrail"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/36171f7c-6f59-426c-ac87-e944a7108e4e - PhishDestroy: https://phishdestroy.io/domain/getstarted-onboarding.com/ - LLM endpoint: https://phishdestroy.io/domain/getstarted-onboarding.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/getstarted-onboarding.com/ Last updated: 2026-03-22