# in-leo.com — SUSPICIOUS

> in-leo.com is a live credential-harvesting phishing domain flagged by 0 of 95 VirusTotal vendors. Check the full report.

## Summary
PhishDestroy identifies in-leo.com as an active credential-harvesting phishing domain targeting users via fake login pages. The domain remains under investigation and has not yet been widely blocked by security vendors.  

This domain was flagged by 0 of 95 VirusTotal vendors as of June 2025. It was registered through GoDaddy.com, LLC, resolves to IP 18.173.205.77, and was created on June 02, 2025. The domain uses a valid Amazon SSL certificate, which may lend false legitimacy to unsuspecting users. Despite its recent registration, this domain has not yet been widely detected or blacklisted, presenting an elevated risk for early victims.  

PhishDestroy advises users to avoid interacting with in-leo.com and to report any encounters to their security teams. Organizations should monitor network traffic for connections to the associated IP and consider preemptive domain blocking. Exercise heightened caution with unsolicited login prompts, even if they appear to use valid SSL certificates.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-06-02 12:32:41
- Registrar: GoDaddy.com, LLC
- IP: 18.173.205.77

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c697699b-1541-48d2-93bf-97f2e9e956fe
- PhishDestroy: https://phishdestroy.io/domain/in-leo.com/
- LLM endpoint: https://phishdestroy.io/domain/in-leo.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/in-leo.com/
Last updated: 2026-03-23