# sso--itrustycapitallog--sso-auth.webflow.io — MALICIOUS > The domain sso--itrustycapitallog--sso-auth.webflow.io poses as a credential phishing scam, mimicking a login portal. ## Summary PhishDestroy identifies the domain sso--itrustycapitallog--sso-auth.webflow.io as an active credential phishing scam. This domain mimics a legitimate login portal, likely targeting users with deceptive SSO (Single Sign-On) branding to harvest credentials. The threat type is classified as generic_phishing, indicating a broad but high-risk campaign designed to trick users into surrendering sensitive information under false pretenses. This domain resolves to the IP address 104.18.36.248 and operates under a Google Trust Services SSL certificate, which may lend an air of legitimacy to unsuspecting users. According to VirusTotal, 16 out of 95 security vendors have flagged this domain as malicious, highlighting its elevated risk profile. The domain is hosted on Webflow, a legitimate platform often abused by threat actors to rapidly deploy phishing pages. While the exact creation date and registrar details are not provided in the dataset, the presence of a Google-issued SSL certificate and the domain's structure suggest a recent and opportunistic campaign. Additionally, the domain is not currently blocked by Google Safe Browsing (GSB), increasing the likelihood of exposure to potential victims. As of the latest assessment, the domain remains active and poses an ongoing threat to users who may encounter it through phishing emails, malicious ads, or compromised links. Security researchers and users are advised to avoid interacting with this domain and to report it to relevant authorities or blocklists. The current risk level is elevated, and while takedown efforts may be underway, the domain's use of a trusted hosting provider like Webflow complicates rapid mitigation. Users should remain vigilant, verify URLs before entering credentials, and rely on updated threat intelligence feeds to avoid falling victim to credential phishing attacks. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.18.36.248 ## Detection Status - VirusTotal: 16 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/ca76e984-fdad-45de-993c-2b5221e22566 - PhishDestroy: https://phishdestroy.io/domain/sso--itrustycapitallog--sso-auth.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/sso--itrustycapitallog--sso-auth.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/sso--itrustycapitallog--sso-auth.webflow.io/ Last updated: 2026-03-22