# flyingtuilip.com — MALICIOUS

> Warning: flyingtuilip.com is a medium-risk phishing site taken offline. Avoid sharing personal info or credentials with this domain.

## Summary
PhishDestroy identifies flyingtuilip.com as a medium-risk phishing domain that was designed to deceive internet users. Although the site is currently offline, it posed a significant threat by attempting to steal sensitive information such as login credentials and personal data. Users should remain cautious of any communications or links directing to this domain.

The phishing technique employed by flyingtuilip.com likely involved mimicking legitimate websites or brands to lure victims into entering confidential details. The domain was registered recently and has appeared on multiple security blocklists, with 9 out of 95 VirusTotal vendors flagging it as malicious. It resolved to IP 172.67.216.112 and was associated with suspicious behavior noted in an AlienVault OTX threat pulse.

If you have visited flyingtuilip.com, it is recommended to immediately change any passwords you may have entered and monitor your accounts for unusual activity. Avoid clicking on any links or responding to messages linked to this domain. Ensuring your devices have updated security software and reporting any suspicious emails can help prevent further exposure to similar phishing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 172.67.216.112
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["kyle.ns.cloudflare.com", "nadia.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "SOCRadar", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bdc11-2f34-7700-89d4-1218a708b3df.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/7a748845-9d31-4fe0-9f01-abc7457dd316
- PhishDestroy: https://phishdestroy.io/domain/flyingtuilip.com/
- LLM endpoint: https://phishdestroy.io/domain/flyingtuilip.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/flyingtuilip.com/
Last updated: 2026-03-19