# connect-lobstarwilde.com — SUSPICIOUS > connect-lobstarwilde.com impersonates Microsoft to steal credentials. Flagged by 0/95 VirusTotal scanners. Check the full report. ## Summary PhishDestroy identifies connect-lobstarwilde.com as a live Microsoft-brand impersonation phishing host currently under investigation for credential theft activities. The domain is active as of March 21, 2026, and remains unblocked across major threat intelligence platforms. Analysis confirms use of Let's Encrypt SSL and hosting at 104.21.61.219 via NICENIC INTERNATIONAL GROUP CO., LIMITED, indicating minimal infrastructure hygiene and high operational opacity typical of modern phishing campaigns. This domain was flagged by 0 of 95 VirusTotal vendors during initial analysis, demonstrating its stealth characteristics within automated detection ecosystems. Registrar records show creation on March 21, 2026 with resolution to IP 104.21.61.219, a known hosting infrastructure shared with multiple low-reputation domains. The combination of recent creation, lack of third-party detection, and use of reputable certificate authorities suggests this campaign is either newly deployed or deliberately avoiding mass-scanning environments to maximize dwell time and victim engagement. Until full behavior profiling completes, PhishDestroy recommends immediate network-level blocking of connect-lobstarwilde.com and 104.21.61.219. Security teams should inspect DNS query logs for historical resolutions and scan endpoints for interaction with this domain via proxy or firewall telemetry. Users should treat any unsolicited communications referencing Microsoft services and including links to this domain as HIGH RISK credential phishing attempts. No official Microsoft communications originate from this domain or infrastructure block. Monitor this entry for updated detection signatures and adjust blocking policies accordingly. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-21 10:45:51 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.61.219 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/07dc754f-5131-4039-9820-322368691006 - PhishDestroy: https://phishdestroy.io/domain/connect-lobstarwilde.com/ - LLM endpoint: https://phishdestroy.io/domain/connect-lobstarwilde.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/connect-lobstarwilde.com/ Last updated: 2026-03-21