# bt-109509.square.site — MALICIOUS

> Analysis of bt-109509.square.site shows generic phishing activity, with 20/95 vendors flagging it. Check the full report.

## Summary
PhishDestroy identifies bt-109509.square.site as an active generic phishing domain leveraging deceptive tactics to impersonate legitimate services. This domain poses a clear threat to unsuspecting users who may be tricked into entering sensitive credentials or downloading malware under the guise of a trusted platform. The domain’s structure closely mimics authentic Square-based subdomains, increasing the likelihood of success for social engineering attacks. Security teams should treat this as an elevated risk and prioritize blocking mechanisms to prevent potential compromises.

This domain was flagged by 20 of 95 security vendors on VirusTotal, indicating broad recognition of its malicious nature within the threat intelligence community. Registered through MarkMonitor Inc. on February 05, 2019, the domain resolves to IP address 74.115.51.5 and utilizes a Let's Encrypt SSL certificate to enhance its perceived legitimacy. These technical indicators, combined with its sustained activity over five years, underscore its persistent use in phishing campaigns targeting both individuals and organizations.

Users who have visited bt-109509.square.site should immediately check their systems for signs of compromise, such as unauthorized login attempts or unusual network traffic. If any credentials were entered, change passwords immediately and enable multi-factor authentication where possible. System administrators are advised to block the domain at the network level using the IP and domain indicators provided. For further investigation, cross-reference logs with known IOCs to determine the scope of potential exposure.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2019-02-05 14:02:28
- Registrar: MarkMonitor Inc.
- IP: 74.115.51.5

## Detection Status
- VirusTotal: 20 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/bt-109509.square.site
- PhishDestroy: https://phishdestroy.io/domain/bt-109509.square.site/
- LLM endpoint: https://phishdestroy.io/domain/bt-109509.square.site/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bt-109509.square.site/
Last updated: 2026-04-02