# jtdxvp.icu — SUSPICIOUS

> PhishDestroy identifies jtdxvp.icu as a phishing domain, flagged by 2 of 95 vendors, distributing a fake login page. Check the full report for details.

## Summary

PhishDestroy identifies jtdxvp.icu as an active phishing domain impersonating a generic login page, leveraging a deceptive domain to harvest credentials. The site operates as a credential harvester, designed to mimic legitimate authentication portals while concealing its malicious infrastructure. No specific brand is targeted in this campaign, suggesting a broad, opportunistic approach to credential theft. The domain was recently registered and deployed, indicating a likely rapid turnaround from propagation to operational status, typical of phishing campaigns aiming for quick exploitation before detection systems flag it.

Technical analysis of jtdxvp.icu reveals critical threat indicators: the domain was flagged by 2 out of 95 VirusTotal security vendors upon inspection, demonstrating emerging detection coverage. Resolving to IP address 188.114.96.3, hosted on infrastructure associated with high-risk activity, the domain was registered through WEBCC on May 20, 2025, indicating a recently established presence with minimal historical trust. Despite using a Google Trust Services SSL certificate, which may mislead users into trusting the site, the domain remains unlisted or minimally blocked across major safety networks. This combination of fresh registration, low detection coverage, and reputable SSL issuance suggests a strategic attempt to bypass initial scrutiny.

The domain remains active and poses an elevated risk to users accessing it, likely through phishing emails, social media links, or compromised advertisements. While global blocklists have not yet widely incorporated the domain, its active status underscores the need for immediate defensive action. Organizations and users are advised to block jtdxvp.icu at the network and endpoint levels, inspect inbound traffic for references to 188.114.96.3, and monitor for related credential leaks. Despite the presence of a legitimate-looking SSL certificate, the overall threat profile remains elevated due to the domain's youth and low detection rate, warranting heightened vigilance until global mitigation improves.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-05-20 07:44:58
- Registrar: WEBCC
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/234c3595-f047-462b-9509-a4112f893950
- PhishDestroy: https://phishdestroy.io/domain/jtdxvp.icu/
- LLM endpoint: https://phishdestroy.io/domain/jtdxvp.icu/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/jtdxvp.icu/

Last updated: 2026-03-22