# www.btfflion.com — SUSPICIOUS

> Btfflion.com is a confirmed credential theft site, with 3/95 VirusTotal detections. Avoid entering any login details—block and report immediately.

## Summary

PhishDestroy identifies btfflion.com as an active credential theft domain posing an elevated risk to users. This domain is designed to mimic legitimate services and harvest user credentials through deceptive login forms. The threat vector exploits human trust in recognizable branding to gain unauthorized account access.

This domain exhibits multiple red flags: it was registered through Dominet (HK) Limited on March 14, 2026, and resolves to IP 104.21.16.59. VirusTotal analysis confirms 3 out of 95 security vendors have flagged this domain as malicious, while its SSL certificate is issued by Google Trust Services—an indicator commonly abused by threat actors to appear legitimate. Its recent creation date further suggests opportunistic deployment, likely targeting unsuspecting users in a live campaign.

To mitigate exposure, organizations and users should immediately block the domain at the network and endpoint levels. Avoid interacting with any login prompts presented by btfflion.com. If credentials have been entered, assume compromise and initiate password resets across affected services. Report the domain to threat intelligence platforms and security operations teams for further analysis. Maintain heightened awareness for follow-on phishing attempts leveraging stolen credentials.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-14 07:17:44
- Registrar: Dominet (HK) Limited
- IP: 104.21.16.59

## Detection Status

- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/b9281599-333f-49c1-b461-899e44dca933
- PhishDestroy: https://phishdestroy.io/domain/www.btfflion.com/
- LLM endpoint: https://phishdestroy.io/domain/www.btfflion.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/www.btfflion.com/
Last updated: 2026-03-22