# llythor.pro — SUSPICIOUS

> llythor.pro is a credential theft phishing domain flagged by 2 of 95 VirusTotal vendors. This domain poses as a legitimate service to steal login credentials.

## Summary

PhishDestroy identifies the domain llythor.pro as an active credential theft phishing campaign. This domain is designed to impersonate a legitimate service to harvest user credentials, posing an elevated risk to victims. The threat remains active as of the latest analysis.

This domain was flagged by 2 of 95 VirusTotal security vendors, indicating limited but confirmed malicious activity. The domain resolves to IP address 88.223.84.57, was registered through HOSTINGER operations, UAB, and obtained an SSL certificate from Let's Encrypt. The domain was created on January 04, 2026, and currently remains unblocked by major threat intelligence platforms.

As this threat is active, users are strongly advised to avoid accessing llythor.pro and to report the domain to their security teams or threat intelligence platforms. Organizations should consider blocking the domain and IP address at the network perimeter to prevent potential credential theft or further compromise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-01-04 10:36:57
- Registrar: HOSTINGER operations, UAB
- IP: 88.223.84.57

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a93f5c75-8256-4658-a43e-31ce3f6fc3bf
- PhishDestroy: https://phishdestroy.io/domain/llythor.pro/
- LLM endpoint: https://phishdestroy.io/domain/llythor.pro/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/llythor.pro/

Last updated: 2026-03-24