# www.in22.online — SUSPICIOUS > PhishDestroy identifies www.in22.online as a credential harvesting site mimicking a generic login portal. VirusTotal shows 0/95 detections. ## Summary PhishDestroy flags www.in22.online as an active credential harvesting domain impersonating a generic login portal. The threat level is currently under investigation, but preliminary analysis suggests a high potential for user deception due to its recent creation and lack of detection coverage. This domain should be treated with caution as it may be part of a broader phishing campaign targeting unsuspecting users. This domain was flagged by PhishDestroy with a risk level classified as under_investigation. VirusTotal currently reports 0 out of 95 detection engines flagging the domain, indicating it has evaded initial scrutiny. The domain resolves to IP address 188.114.96.3 and is registered through GoDaddy.com, LLC. The SSL certificate is issued by Let's Encrypt, a detail often exploited by malicious actors to appear legitimate. The domain was created on November 10, 2025, a relatively recent date that may correlate with the onset of malicious activity. Notably, the domain remains unlisted on major threat intelligence blocklists, and its trust scores across platforms remain unverified, further highlighting its potential danger. To mitigate risks associated with this credential harvesting domain, organizations and users should immediately block access to www.in22.online at the network perimeter. Implementing DNS sinkholing for this domain can prevent users from resolving the IP address, thereby stopping potential phishing attempts at the DNS layer. Users should be alerted via internal communications to avoid interacting with any login portals linked to this domain, especially those received via unsolicited emails or messages. Additionally, monitoring for connections to IP address 188.114.96.3 may reveal compromised endpoints within the network. If any credentials have been entered into this fake login portal, users should immediately reset their passwords and enable multi-factor authentication where possible. Security teams are advised to conduct a thorough investigation to determine the scope of exposure and any potential lateral movement within the network. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-11-10 10:32:05 - Registrar: GoDaddy.com, LLC - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/11db974f-bc11-4fc2-a0c5-c8b6ac17d60e - PhishDestroy: https://phishdestroy.io/domain/www.in22.online/ - LLM endpoint: https://phishdestroy.io/domain/www.in22.online/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/www.in22.online/ Last updated: 2026-03-24