# mail.phantomus.app — MALICIOUS

> Discover if mail.phantomus.app is safe to visit. PhishDestroy flags this domain for phishing risks. Learn what to do if you encountered it.

## Summary
PhishDestroy identifies mail.phantomus.app as a potentially dangerous website associated with phishing, posing a medium-level risk to users. Phishing sites like this attempt to deceive visitors into divulging sensitive personal information, such as login credentials or financial details, by impersonating legitimate services. Users who interact with these sites may face identity theft or unauthorized access to their accounts.

This domain operates by mimicking trustworthy email or service platforms to trick users into submitting confidential data. Although mail.phantomus.app has been taken offline, it was reported to appear on multiple security blocklists and was flagged by a number of antivirus vendors. The domain registration details suggest it may have been set up with malicious intent, as it was registered through a dead domain provider and created in the future, which is suspicious and indicative of fraudulent activity.

If you have visited mail.phantomus.app, it is important to take immediate precautions. Avoid entering any personal information and run a full antivirus scan on your device. Change passwords for any accounts that might have been compromised, especially if you reused credentials on the suspicious site. Always verify URLs carefully and use trusted security tools to protect yourself from phishing threats. PhishDestroy encourages users to stay vigilant and report suspicious domains to help keep the internet safer.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Target brand: Phantom
- Page title: phantom

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Dead domain
- IP: 198.54.132.29
- SSL Issuer: R11

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["ChainPatrol", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01989337-f059-72e8-8f46-a77341746f1c.png
- PhishDestroy: https://phishdestroy.io/domain/mail.phantomus.app/
- LLM endpoint: https://phishdestroy.io/domain/mail.phantomus.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mail.phantomus.app/
Last updated: 2026-03-17