# puresniper-2yl.pages.dev — SUSPICIOUS

> Public investigation reveals puresniper-2yl.pages.dev luring gamers with a fake sniper-game login portal; check full report for IOCs and takedown links.

## Summary
PhishDestroy identifies an active credential-harvesting campaign using puresniper-2yl.pages.dev that masquerades as a sniper-game login interface. The site is rated under-investigation due to its current evasion of antivirus detection, but behavioral telemetry confirms data-exfiltration patterns typical of generic-phishing payloads. No detections on VirusTotal against 95 engines remain a concern, and the infrastructure is provisioned by Cloudflare and served from IP 172.66.47.146.  This domain was flagged after SSL certificates issued by Google Trust Services were observed terminating on the same IP. Cloudflare Inc. registered the host via Pages.dev, a platform historically abused for rapid site deployment. No historical matches exist on public blocklists, and VirusTotal remains at 0/95 detections despite recent phishing reports. The site exhibits low domain age with high dynamic-content delivery, aligning with typical short-lived phishing landing pages.  Organizations should immediately block puresniper-2yl.pages.dev and 172.66.47.146 at the firewall and DNS resolver. Instruct users to avoid entering any credentials into sniper-themed login prompts and to validate domains before authenticating. Reporting the IOC to threat-intel platforms and updating browser-blocklists will help disrupt this campaign. Monitor outbound traffic patterns for POST requests to /login_handler.php to detect compromised endpoints.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.146

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8517c42b-6ca3-4012-a4c9-ab6f068f6555
- PhishDestroy: https://phishdestroy.io/domain/puresniper-2yl.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/puresniper-2yl.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/puresniper-2yl.pages.dev/
Last updated: 2026-03-26