# lumina-ib.org — MALICIOUS

> PhishDestroy identifies lumina-ib.org as an active crypto drainer phishing domain. Flagged by 10 of 95 VirusTotal vendors and hosted on 198.251.84.200.

## Summary
PhishDestroy identifies lumina-ib.org as an active crypto drainer phishing campaign impersonating financial services. The domain is currently engaged in credential theft activities targeting cryptocurrency users. This threat is classified as elevated due to the high-risk nature of cryptocurrency drainers and active delivery mechanisms. Users interacting with this domain risk direct asset loss and account compromise.

This domain was flagged by 10 of 95 VirusTotal vendors, indicating significant malicious activity. Registered through Dynadot Inc on March 14, 2026, the domain resolves to IP address 198.251.84.200 and utilizes a Let's Encrypt SSL certificate to enhance legitimacy. The domain's recent creation combined with low trust scores across security platforms underscores its malicious intent. Blocklist aggregators report consistent detections, reinforcing the elevated risk level.

The campaign remains active as of investigation completion. PhishDestroy recommends immediate network-level blocking of both the domain and associated IP address. Users should avoid all interactions with lumina-ib.org and verify any financial service communications through official channels. Security teams should deploy additional monitoring for related infrastructure patterns. Immediate threat mitigation is critical given the active status and cryptocurrency targeting nature of this drainer campaign.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-14 07:35:41
- Registrar: Dynadot Inc
- IP: 198.251.84.200

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4760e768-c477-4909-9daf-59c9da2db420
- PhishDestroy: https://phishdestroy.io/domain/lumina-ib.org/
- LLM endpoint: https://phishdestroy.io/domain/lumina-ib.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/lumina-ib.org/
Last updated: 2026-03-23