# cryptomuc.cc — MALICIOUS

> Cryptomuc.cc is an active phishing site posing as a crypto payment gateway. Exercise caution and avoid entering sensitive data on this domain.

## Summary

PhishDestroy identifies cryptomuc.cc as a medium-risk generic phishing domain masquerading under the page title "Cryptomus - Crypto Payment Gateway." The domain is designed to deceive users into believing it offers legitimate cryptocurrency payment processing services. With a creation date set unusually in the future (January 16, 2026), it may indicate manipulation or errors in domain metadata, but the domain actively resolves and is currently involved in phishing activities.

Technical analysis reveals that cryptomuc.cc resolves to the IP address 172.67.150.39, a network address associated with Cloudflare infrastructure, which threat actors often exploit to mask origin servers. The domain registration was done through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar linked to multiple suspicious registrations. Although only 4 out of 95 security vendors flagged this domain on VirusTotal, it appears on two distinct security blocklists, reinforcing the suspicion of malicious intent. The page title attempts to lend credibility, but the backend infrastructure and domain age anomalies heighten the risk profile.

Currently, cryptomuc.cc remains active and continues to pose a medium-level threat to users, primarily targeting victims of cryptocurrency phishing scams. Security teams and end users are advised to block access and avoid interacting with this domain. Continuous monitoring of this domain and its associated infrastructure is necessary to track any evolution in its attack patterns or hosting changes.
## Threat Details

- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: Cryptomus - Crypto Payment Gateway

## Domain Intelligence

- Registered: 2026-03-09 07:07:01
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.150.39
- Nameservers: hunts.ns.cloudflare.com robin.ns.cloudflare.com

## Detection Status

- VirusTotal: 5 vendors flagged
  - Vendors: ["CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "SOCRadar", "alphaMountain.ai"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019cd159-3673-74fc-80d6-e3b3b1fecbfe.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a31af27d-c47e-44f8-88eb-ebf1e7ac1df4
- PhishDestroy: https://phishdestroy.io/domain/cryptomuc.cc/

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/cryptomuc.cc/

Last updated: 2026-03-14