# itrsutcapital-logun.webflow.io — MALICIOUS

> itrsutcapital-logun.webflow.io is an active investment scam impersonating ITRSUT Capital. 15/95 VirusTotal vendors flag this phishing page.

## Summary
PhishDestroy identifies the domain itrsutcapital-logun.webflow.io as a confirmed active phishing site impersonating ITRSUT Capital’s brand to harvest sensitive financial data. Threat intelligence confirms this domain is currently engaged in malicious activity designed to deceive users into disclosing login credentials or payment details under the guise of an investment platform. The infrastructure hosting the scam remains operational, indicating an elevated risk to visitors who may inadvertently access the fraudulent page.

This domain was flagged by 15 of 95 VirusTotal security vendors, indicating partial but not universal detection. It is served from IP address 104.18.36.248 and uses a Google Trust Services SSL certificate to enhance credibility. While the exact creation date is not publicly available, the presence of a valid certificate suggests recent setup—common among short-lived phishing operations. The domain is likely hosted on Webflow’s platform, which has been increasingly exploited for low-cost phishing due to its legitimate appearance and rapid deployment capabilities.

Given the active status, elevated risk, and partial detection by security tools, users and organizations are strongly advised to block access to itrsutcapital-logun.webflow.io at the network level and update DNS filters accordingly. Report the domain to your threat intelligence platform and warn stakeholders, particularly those in financial services, about the ITRSUT Capital impersonation. Exercise heightened scrutiny for any unsolicited investment offers referencing ITRSUT Capital and verify all communication through official, verified channels before engaging.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5b944e2f-7b61-4a58-a6f7-918003decded
- PhishDestroy: https://phishdestroy.io/domain/itrsutcapital-logun.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/itrsutcapital-logun.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/itrsutcapital-logun.webflow.io/
Last updated: 2026-03-29