# auth-itrust-capital-sso.square.site — MALICIOUS

> auth-itrust-capital-sso.square.site is a high-risk phishing domain. Stay alert and avoid interactions with this site to protect your data.

## Summary
PhishDestroy identifies auth-itrust-capital-sso.square.site as a high-risk phishing domain. Classified under generic phishing threats, it aims to deceive users with a fraudulent page that could harvest sensitive information or credentials.

Evidence supporting this assessment includes the domain’s registration dating back to February 2019 via Markmonitor Inc. It currently resolves to IP 74.115.51.5 and exhibits poor PageSpeed performance (38/100), often indicative of rushed or malicious setups. Additionally, 16 out of 95 security tools on VirusTotal flag this domain, and it appears on at least one reputable security blocklist. The page title “Just a moment...” suggests an attempt to mimic legitimate loading screens to delay user suspicion.

Users are advised to avoid visiting or submitting any information on auth-itrust-capital-sso.square.site. Organizations should consider blocking the domain at perimeter defenses and educate employees about its existence. Despite being active, proactive measures can greatly reduce exposure and potential compromise from this ongoing phishing campaign.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: Just a moment...

## Domain Intelligence
- Registered: 2019-02-05 14:02:28
- Expires: 2031-02-05 00:00:00
- Registrar: Markmonitor Inc.
- Country: USA
- IP: 74.115.51.5
- Nameservers: ["ns-1248.awsdns-28.org", "ns-1816.awsdns-35.co.uk", "ns-311.awsdns-38.com", "ns-810.awsdns-37.net"]

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Kaspersky", "Lionic", "MalwareURL", "Netcraft", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c66a8-ce0c-73b6-83bb-406bf49841ec.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/0c99efa7-1faa-4c6f-8c93-68afc5e9f373
- PhishDestroy: https://phishdestroy.io/domain/auth-itrust-capital-sso.square.site/

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/auth-itrust-capital-sso.square.site/
Last updated: 2026-03-14