# pymp.fun — MALICIOUS

> Warning: pymp.fun is a high-risk phishing domain flagged by multiple security sources. Avoid interaction and report suspicious activity immediately.

## Summary
PhishDestroy identifies pymp.fun as a high-risk generic phishing domain designed to deceive users and capture sensitive information. The page titled "Nur einen Moment…" suggests a possible social engineering attempt to delay or mislead visitors. This domain was registered recently, indicating a potential campaign targeting unsuspecting users.

The domain pymp.fun resolves to IP address 188.114.96.3 and was registered through REGRU-RU on July 24, 2025. It appears on one security blocklist and is referenced in two AlienVault OTX threat intelligence pulses. VirusTotal data shows that 10 out of 95 security vendors have flagged this domain as malicious, confirming its phishing nature. The use of a .fun TLD and a short-lived registration period aligns with typical phishing infrastructure patterns.

Currently, pymp.fun is offline, which may indicate takedown actions or natural expiration of the malicious operation. Users and organizations are advised to continue blocking this domain and monitor for similar phishing attempts. It is important to report any suspicious emails or links referencing pymp.fun and maintain updated endpoint protections to mitigate risk.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Nur einen Moment…

## Domain Intelligence
- Registered: 2025-07-24 09:56:35
- Expires: 2026-07-24 23:59:59
- Registrar: REGRU-RU
- Country: RU
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: lauryn.ns.cloudflare.com mark.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 10 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "CyRadar", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Seclookup", "SOCRadar", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01997676-eb4b-77a7-a579-25dee14764eb.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/23e86d06-1aec-4f86-b603-0c838b295b4c
- Wayback Machine: https://web.archive.org/web/https://pymp.fun
- PhishDestroy: https://phishdestroy.io/domain/pymp.fun/
- LLM endpoint: https://phishdestroy.io/domain/pymp.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pymp.fun/
Last updated: 2026-03-19