# cryptomus.ws — SUSPICIOUS

> cryptomus.ws shows signs of phishing activity. Exercise caution and avoid sharing personal info on this site until further analysis.

## Summary
PhishDestroy identifies cryptomus.ws as a domain exhibiting potential phishing behavior, currently under investigation. The site targets users with deceptive content aimed at stealing sensitive information.

The domain resolves to IP 104.21.86.231 and displays a low PageSpeed score of 36/100, indicative of a hastily assembled phishing page. VirusTotal reports zero detections, suggesting it is a newly emerging threat or evading current detection tools.

cryptomus.ws remains active and unflagged by security vendors. Users are advised to avoid interacting with the site or providing any credentials. Continuous monitoring and caution are recommended as further analysis is underway.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP 200)
- Page title: Cryptomus Exchange | Crypto Invoice

## Domain Intelligence
- IP: 104.21.86.231
- Nameservers: marlowe.ns.cloudflare.com miles.ns.cloudflare.com

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: []
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Screenshot: https://i.ibb.co/84gKT3PF/05fcb3da8aad.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a311b512-0b00-4c45-8ec7-021af9a74022
- PhishDestroy: https://phishdestroy.io/domain/cryptomus.ws/
- LLM endpoint: https://phishdestroy.io/domain/cryptomus.ws/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cryptomus.ws/
Last updated: 2026-03-19