# masihbelajarbang.titip-ibl.com — SUSPICIOUS

> Investigating masihbelajarbang.titip-ibl.com for credential harvesting via fake ‘learning portal’ — VirusTotal 0/95, registered June 28 2025.

## Summary

masihbelajarbang.titip-ibl.com is a recently activated domain posing as an Indonesian online learning portal, but PhishDestroy analysis indicates it is actively harvesting user credentials. The site mimics legitimate educational login pages to trick visitors into entering usernames and passwords, which are then transmitted to attacker-controlled servers for abuse. Visitors risk direct account compromise and potential downstream compromise of connected services if they reuse the same login details. PhishDestroy advises treating this site as hostile and avoiding any interaction.

This domain was flagged on June 28, 2025, only hours after registration through NAMECHEAP INC, and currently resolves to 104.21.38.12. A Google Trust Services SSL certificate is in place, lending false legitimacy, while VirusTotal reports zero detections across 95 engines—underscoring how rapidly such domains can evade initial scans. The combination of fresh registration, low detection coverage, and SSL lends this campaign a ‘quiet start’ profile typical of credential phishing operations.

If you accidentally visited the site or entered any information, immediately change passwords on all accounts that used the same credentials, enable multi-factor authentication wherever possible, and scan local devices for malware. Report the domain to your security team or block it via DNS/network rules using the IP 104.21.38.12. PhishDestroy continues active monitoring and will update the risk level as new intelligence emerges.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-06-28 08:53:43
- Registrar: NAMECHEAP INC
- IP: 104.21.38.12

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/6c503527-3c45-43cf-91a0-65f92ab2e190
- PhishDestroy: https://phishdestroy.io/domain/masihbelajarbang.titip-ibl.com/
- LLM endpoint: https://phishdestroy.io/domain/masihbelajarbang.titip-ibl.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/masihbelajarbang.titip-ibl.com/

Last updated: 2026-03-25