# airtm.cfd — SUSPICIOUS

> PhishDestroy identifies airtm.cfd as a fraudulent AIRTM impersonator distributing credential theft malware. Resolves to 2.57.91.

## Summary
PhishDestroy identifies airtm.cfd as an active domain engaged in brand impersonation targeting AIRTM users for credential theft. The domain is currently flagged as a generic phishing site and remains under investigation for malicious payload delivery.

This domain was flagged by 0 of 95 VirusTotal vendors, registered through HOSTINGER operations, UAB, resolving to IP 2.57.91.91. The domain was created on November 06, 2025, and currently shows no detections on VirusTotal. Trust scores and blocklist counts remain unverified at this stage due to its recent creation.

PhishDestroy recommends users avoid accessing airtm.cfd entirely. Users who may have entered credentials on this domain should immediately change passwords on AIRTM’s official platform and enable multi-factor authentication. Organizations should block the domain at the network level and monitor for associated IP traffic. Report any interactions with this domain to PhishDestroy for further analysis and mitigation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-11-06 02:36:39
- Registrar: HOSTINGER operations, UAB
- IP: 2.57.91.91

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/54b3da6e-7404-4dee-8e28-1091306fcfb4
- PhishDestroy: https://phishdestroy.io/domain/airtm.cfd/
- LLM endpoint: https://phishdestroy.io/domain/airtm.cfd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/airtm.cfd/
Last updated: 2026-03-23