# flyingtulilp.com — SUSPICIOUS

> Discover if flyingtulilp.com is safe to visit. Learn about its phishing activity and why it was taken offline.

## Summary
PhishDestroy identifies flyingtulilp.com as a medium-risk generic phishing domain. It was registered on February 21, 2026, via NICENIC INTERNATIONAL GROUP CO., LIMITED and has been actively flagged for suspicious activity related to credential theft attempts.

Technical indicators reveal this domain appeared on four separate security blocklists and was flagged by multiple antivirus vendors on VirusTotal. These findings suggest it was part of a broader phishing infrastructure leveraging newly registered domains to deceive users. The domain's infrastructure showed no complex evasion but consistent use in phishing campaigns targeting general users.

Currently, flyingtulilp.com is offline, indicating successful takedown or voluntary suspension. PhishDestroy recommends continued monitoring for related domains and vigilance against similar phishing techniques. Users should remain cautious of communications referencing this domain to avoid credential compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: flyingtulilp.com | 521: Web server is down

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 172.67.174.80
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["kyle.ns.cloudflare.com", "nadia.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 4 vendors flagged
  Vendors: ["Fortinet", "Gridinsoft", "Seclookup", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ba851-607b-77fd-a9a1-c2cc32cf9d10.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/2446eabe-213b-4716-8a06-663a0e8df546
- PhishDestroy: https://phishdestroy.io/domain/flyingtulilp.com/
- LLM endpoint: https://phishdestroy.io/domain/flyingtulilp.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/flyingtulilp.com/
Last updated: 2026-03-19