# cryptomus.forum — SUSPICIOUS > cryptomus.forum distributing a crypto wallet phishing scam. Domain flagged by PhishDestroy with 0/95 VirusTotal detections. Check the full report. ## Summary PhishDestroy identifies cryptomus.forum as a live cryptocurrency wallet phishing portal impersonating the legitimate cryptomus.com service. The threat level is currently marked as under_investigation while additional intelligence is collected, but the domain exhibits clear indicators of malicious intent designed to harvest user credentials and cryptocurrency wallet access. Victims are lured via social engineering tactics to submit private keys or seed phrases under the guise of account verification, support, or bonus claims. Analysis reveals the domain was registered on March 28, 2026 through NameSilo, LLC and is currently resolving to IP address 172.67.150.101. The SSL certificate, issued by Let’s Encrypt, provides a false sense of legitimacy, as no detections have been registered on VirusTotal (0/95 engines). The domain remains unlisted on major blocklists at this time, though trust scores from threat intelligence feeds remain critically low due to its recent emergence and phishing signature alignment with known cryptocurrency scam infrastructure. The absence of detections—despite its active status—highlights the need for proactive monitoring. To mitigate exposure, organizations and users should immediately block the domain cryptomus.forum and its resolving IP (172.67.150.101) at the network perimeter. Email filters should be updated to reject messages referencing wallet verification or support requests from this domain. Users are advised to verify any cryptocurrency-related communications by accessing official platforms directly via bookmarked URLs—not through embedded links. If credentials or private keys were entered, revoke access immediately, transfer remaining funds to a secure wallet, and report the incident to local cybercrime units. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-28 18:58:32 - Registrar: NameSilo, LLC - IP: 172.67.150.101 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/cryptomus.forum - PhishDestroy: https://phishdestroy.io/domain/cryptomus.forum/ - LLM endpoint: https://phishdestroy.io/domain/cryptomus.forum/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/cryptomus.forum/ Last updated: 2026-04-05