# itsrabbit.com — SUSPICIOUS

> itsrabbit.com is hosting a fake login page. PhishDestroy identifies 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies itsrabbit.com as an active fake login page phishing domain currently under investigation for potential credential harvesting. The domain is not confirmed malicious but exhibits multiple red flags consistent with phishing campaigns targeting unsuspecting users. This investigation remains active as analysts continue to gather intelligence on the threat actor's infrastructure and objectives.  itsrabbit.com was registered on September 26, 2024, through NameCheap, Inc. and resolves to IP address 104.21.93.27. The domain currently shows 0 detections out of 95 VirusTotal vendors, indicating it has not yet been widely flagged by security vendors despite its recent registration and suspicious activity. The SSL certificate is issued by Google Trust Services, which may lend an air of legitimacy to the domain, though this alone does not guarantee safety. The domain has not been observed on any known blocklists at this time, and its trust scores remain unverified due to its recent creation.  As the investigation remains active, users and organizations are advised to exercise extreme caution when accessing itsrabbit.com or any subdomains. Concrete recommendations include blocking the domain and IP address at the network perimeter, monitoring DNS queries for related domains, and warning users about the potential for credential harvesting. Security teams should also deploy behavioral analysis tools to detect any unusual login patterns or data exfiltration attempts. PhishDestroy will continue to monitor this domain and update the status as new intelligence becomes available.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-09-26 03:48:37
- Registrar: NameCheap, Inc.
- IP: 104.21.93.27

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cacf8f68-72f4-4de8-9cd0-5a11bf441e10
- PhishDestroy: https://phishdestroy.io/domain/itsrabbit.com/
- LLM endpoint: https://phishdestroy.io/domain/itsrabbit.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/itsrabbit.com/
Last updated: 2026-03-24