# synways.pages.dev — MALICIOUS

> synways.pages.dev is a high-risk phishing domain flagged for social engineering. Stay alert and avoid interacting with this site to protect your data.

## Summary
PhishDestroy identifies synways.pages.dev as a generic phishing domain primarily engaged in social engineering tactics. Though the exact brand impersonation is not explicitly known, the domain was flagged due to deceptive content designed to capture sensitive user credentials. It falls under the category of high-risk phishing threats given its behavioral patterns and reported activity.

Technical analysis reveals that synways.pages.dev resolves to IP address 172.66.47.7 and is registered through Cloudflare, Inc. The domain has appeared on two separate security blocklists, and Google Safe Browsing classifies it under the "SOCIAL_ENGINEERING" threat category. VirusTotal scans returned 10 detections out of 95 security vendors, underscoring a notable level of concern among cybersecurity tools. The domain was created recently on March 10, 2026, suggesting it was part of a fresh phishing campaign leveraging Cloudflare’s hosting services.

Currently, synways.pages.dev is offline following takedown actions, which were likely prompted by the combined threat intelligence and community reporting. Despite being disabled, users should remain vigilant as phishing domains often reappear under altered URLs or different hosting setups. PhishDestroy advises users to avoid interacting with suspicious domains and to report any phishing attempts to maintain robust online security.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-10 13:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.7
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: owen.ns.cloudflare.com raegan.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 10 vendors flagged
  Vendors: ["BitDefender", "CyRadar", "Emsisoft", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Sophos", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd7a0-2918-766c-8817-a6e90946dba7.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/ace9b35e-0e75-4861-adc1-45a840725669
- PhishDestroy: https://phishdestroy.io/domain/synways.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/synways.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/synways.pages.dev/
Last updated: 2026-03-19