# update365bonline.online — SUSPICIOUS

> update365bonline.online is a credential phishing site impersonating Microsoft. Detected by only 1/95 VirusTotal scanners, users should avoid entering any.

## Summary

PhishDestroy identifies update365bonline.online as an active credential phishing domain designed to mimic Microsoft services. This domain employs a classic drainer kit strategy, luring users into entering their login credentials under the guise of a fake 'update365bonline' portal. The threat actor leverages social engineering by mimicking a legitimate Microsoft-branded update page, likely distributed through phishing emails or malicious ads. The domain's infrastructure suggests a hasty setup, with minimal detection coverage and a focus on exploiting user trust in well-known software brands.

This domain was flagged by VirusTotal with a detection score of 1 out of 95 security vendors, indicating extremely low visibility among scanning tools. It was registered through HOSTINGER operations, UAB, on March 27, 2024, and resolves to the IP address 145.79.213.135. The domain utilizes a Let's Encrypt SSL certificate, which may lend an air of legitimacy to unsuspecting users. As of the latest assessment, the domain remains active, with no known inclusion in Google Safe Browsing (GSB) blocklists. The low detection rate and recent registration date suggest this is a newly deployed threat with potential for widespread abuse if left unchecked.

The current status of update365bonline.online is active, with no immediate takedown or blocklisting observed. Users are strongly advised to avoid interacting with this domain or any associated links, as it poses an elevated risk of credential theft. To mitigate exposure, security teams should consider blocking the domain at the network level and updating endpoint protection rules to flag this IP (145.79.213.135) and domain.

The remaining risk is elevated due to the domain's low detection rate and the likelihood of further campaigns leveraging similar infrastructure. Proactive monitoring and user education on recognizing credential phishing attempts are critical to reducing the threat posed by this domain.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-27 10:17:04
- Registrar: HOSTINGER operations, UAB
- IP: 145.79.213.135

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/14987700-8f9e-420f-96e0-96bb6d5a9a89
- PhishDestroy: https://phishdestroy.io/domain/update365bonline.online/
- LLM endpoint: https://phishdestroy.io/domain/update365bonline.online/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/update365bonline.online/

Last updated: 2026-03-27