# connect-lobsterwilde.com — SUSPICIOUS

> connect-lobsterwilde.com is hosting a deceptive login page as part of a credential harvesting campaign. Explore the full report for IOCs and mitigation steps.

## Summary

PhishDestroy identifies connect-lobsterwilde.com as a credential harvesting domain currently under active investigation for generic phishing activity. This domain mimics a legitimate service interface, likely targeting users with a fake login prompt to exfiltrate credentials. No specific brand or drainer kit has been positively identified at this stage; however, the page structure suggests a standardized phishing template designed for mass deployment. The domain was registered on March 20, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and currently resolves to IP 172.67.204.23 with a valid Let's Encrypt SSL certificate, indicating an attempt to appear trustworthy.

Technical indicators reveal a concerning lack of detection, with VirusTotal registering 0 out of 95 detections at the time of analysis. The domain is currently not flagged in Google Safe Browsing (GSB), and no entries are found in common blocklists, suggesting it is newly operational and evading initial scrutiny. The domain's recent creation date and pristine reputation across threat intelligence platforms highlight its potential for rapid spread before widespread recognition occurs. The absence of historical data and low VT score underscores the need for proactive monitoring and immediate containment.

As of this advisory, the domain remains active and poses a moderate but evolving risk, classified as under_investigation with a status of active. Immediate response actions include flagging the domain at the network perimeter, updating firewall rules to block 172.67.204.23, and distributing IOCs to email security gateways. While the current risk is assessed as moderate due to low detection rates and recent registration, the lack of brand association or drainer kit specificity introduces uncertainty. Users and organizations are advised to avoid interaction with this domain, inspect DNS logs for resolution attempts, and report any observed activity to their SOC teams. Remaining risk hinges on the speed of threat intelligence dissemination and the adversary's operational tempo, which may escalate as detection rates improve.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-20 21:01:40
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.204.23

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/d0e51d00-af27-4eb7-9ef9-e7d13d828dec
- PhishDestroy: https://phishdestroy.io/domain/connect-lobsterwilde.com/
- LLM endpoint: https://phishdestroy.io/domain/connect-lobsterwilde.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/connect-lobsterwilde.com/
Last updated: 2026-03-21