# pyth-luma.com — MALICIOUS

> PhishDestroy identifies pyth-luma.com as an active credential harvesting scam posing as a cryptocurrency service.

## Summary
PhishDestroy identifies pyth-luma.com as an elevated-risk credential harvesting scam. This domain resolves to IP 104.21.80.229 and evades detection by using a Let's Encrypt SSL certificate while being hosted on NICENIC INTERNATIONAL GROUP CO., LIMITED infrastructure. Registered on March 16, 2026, the site is already flagged by 7 out of 95 VirusTotal security vendors, placing it in the elevated risk category for users seeking cryptocurrency services.  

This domain was flagged by 7/95 security vendors on VirusTotal, uses registrar NICENIC INTERNATIONAL GROUP CO., LIMITED, resolves to 104.21.80.229, and was created March 16, 2026. The presence of a legitimate SSL certificate does not guarantee safety; in this case, it serves as camouflage for phishing infrastructure. Short domain age combined with active infrastructure and partial blocklist coverage creates a high-confidence threat scenario for credential theft.  

To mitigate risk, avoid entering any personal information, passwords, or cryptocurrency wallet keys on pyth-luma.com. Verify all cryptocurrency service domains through official channels before interaction. Use password managers with domain verification features, enable multi-factor authentication on legitimate accounts, and report this domain to your browser's phishing protection service. Block the IP 104.21.80.229 at your firewall level if possible. Always cross-reference URLs with official company websites before proceeding with any login or transaction.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-16 21:53:49
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.80.229

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c00cec9c-1e0e-4ef9-b81e-4490d3165c4a
- PhishDestroy: https://phishdestroy.io/domain/pyth-luma.com/
- LLM endpoint: https://phishdestroy.io/domain/pyth-luma.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pyth-luma.com/
Last updated: 2026-03-23