# multi-in.fun — SUSPICIOUS

> Domain multi-in.fun is distributing credential phishing pages masquerading as legitimate login portals, with 0/95 VirusTotal detections as of seed 424547.

## Summary
PhishDestroy identifies multi-in.fun as a live SSL-backed phishing domain currently hosting fake login forms designed to harvest user credentials under the guise of a legitimate service.

This domain was flagged due to its active role in credential harvesting campaigns, with critical intelligence indicating a VirusTotal detection count of 0/95 despite clear malicious intent. The domain was registered on March 14, 2026, through PDR Ltd. d/b/a PublicDomainRegistry.com, and resolves to IP 104.21.91.216. Its SSL certificate, issued by Let’s Encrypt, lends false legitimacy to phishing pages, potentially tricking users into disclosing sensitive information. The combination of recent registration, low detection rates, and active hosting infrastructure suggests this domain is part of a rapidly evolving campaign targeting unsuspecting users.

Users who have visited or entered credentials on multi-in.fun should immediately change passwords on all related accounts and enable two-factor authentication where possible. Monitor accounts closely for unauthorized access or login attempts. Avoid re-entering any login details on this domain and report the site to your security team or through PhishDestroy’s portal for further analysis. If credentials were exposed, consider using a password manager to generate new, unique passwords for affected accounts and enable account recovery options to prevent long-term compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-14 14:12:05
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 104.21.91.216

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/83cec23b-925f-4247-9c03-ef171bd0381a
- PhishDestroy: https://phishdestroy.io/domain/multi-in.fun/
- LLM endpoint: https://phishdestroy.io/domain/multi-in.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/multi-in.fun/
Last updated: 2026-03-22