# itrust-login-cpital.pages.dev — MALICIOUS

> itrust-login-cpital.pages.dev confirmed as a high-risk phishing domain. Learn about its status, risks, and how PhishDestroy tracks this threat.

## Summary
PhishDestroy identifies itrust-login-cpital.pages.dev as a high-risk credential phishing domain designed to harvest user credentials. The domain was flagged for social engineering tactics aimed at deceiving users into divulging sensitive information. This campaign represents a significant threat to unsuspecting individuals due to its impersonation methods and targeting of login credentials.

The domain was registered through Cloudflare, Inc. on February 21, 2026, and resolved to the IP address 172.66.45.41. It was detected on three separate security blocklists and flagged by 14 out of 95 security vendors on VirusTotal. Google Safe Browsing categorizes it as SOCIAL_ENGINEERING, confirming its malicious intent. The page title encountered was "Suspected phishing site | Cloudflare," indicating that hosting provider protections had identified and flagged the content.

Currently, the domain is offline, having been taken down to prevent further harm. Users and organizations are advised to remain vigilant against similar phishing attempts and verify URLs carefully before entering credentials. PhishDestroy recommends leveraging blocklists and threat intelligence feeds that include this domain to enhance detection and prevention efforts against credential phishing attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.41
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["peter.ns.cloudflare.com", "fatima.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bb39e-7556-717a-8bac-61ffd07fd39e.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c3e6a25a-9369-43e2-a00b-0b7e6bdf8a16
- PhishDestroy: https://phishdestroy.io/domain/itrust-login-cpital.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/itrust-login-cpital.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/itrust-login-cpital.pages.dev/
Last updated: 2026-03-19