# itrstcptllogin.webflow.io — MALICIOUS

> Investigating itrstcptllogin.webflow.io, a credential phishing domain flagged by 15 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies itrstcptllogin.webflow.io as an active credential phishing domain impersonating a legitimate service to harvest user credentials.

This domain was flagged by 15 of 95 VirusTotal vendors and resolves to IP 172.64.151.8, hosted on Google Trust Services infrastructure. The domain, registered under Webflow, was created recently and has accrued multiple blocklist detections, though no specific registrar or creation date was provided in the available intelligence.

Given the elevated risk level and active status, users are advised to avoid interacting with this domain entirely. Organizations should block the domain and associated IP at the network perimeter. If credentials were entered, users must rotate passwords immediately and enable multi-factor authentication where applicable. Security teams should monitor for follow-on compromise attempts and update detection rules to include this domain and IP as indicators of compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 172.64.151.8

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/508ffaaf-202e-4755-bfcc-2e83e7c7d42b
- PhishDestroy: https://phishdestroy.io/domain/itrstcptllogin.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/itrstcptllogin.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/itrstcptllogin.webflow.io/
Last updated: 2026-04-01