# thelighter.xyz — SUSPICIOUS

> Thelighter.xyz domain flagged for phishing activity is currently offline. Learn about its threat profile and security implications here.

## Summary

PhishDestroy identifies thelighter.xyz as a domain associated with generic phishing activities presenting a medium risk level. The domain was flagged by multiple security vendors due to its suspicious behavior, which typically involves attempts to deceive users into providing sensitive information. This classification warrants caution for users encountering this domain or related communications.

Thelighter.xyz was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on February 28, 2026, and resolves to the IP address 188.114.97.3. Despite being relatively new, the domain attracted attention because four security engines on VirusTotal flagged it for phishing-related threats. This suggests the domain was likely used as part of a broader phishing campaign, possibly leveraging social engineering tactics to impersonate legitimate services or solicit credentials.

Currently, thelighter.xyz is offline, effectively mitigating immediate risks from this domain. PhishDestroy recommends continued monitoring of associated infrastructure and similar domains registered through the same registrar or IP address. Users should remain vigilant against phishing attempts, especially from newly registered domains with limited reputation. Organizations are advised to update their security filters to block this domain and educate employees on recognizing phishing indicators.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: Error

## Domain Intelligence

- Registered: 2026-03-04 13:07:01
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: nikon.ns.cloudflare.com, sarah.ns.cloudflare.com
- SSL Issuer: none

## Detection Status

- VirusTotal: 4 vendors flagged
  Vendors: ["Fortinet", "Gridinsoft", "Seclookup", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence

- Screenshot: https://i.ibb.co/QFQ04Njn/c38119667e7d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/929fcd28-8906-433d-88a7-01ceef285b63
- PhishDestroy: https://phishdestroy.io/domain/thelighter.xyz/
- LLM endpoint: https://phishdestroy.io/domain/thelighter.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/thelighter.xyz/
Last updated: 2026-03-19