# tumurt-urguu.com — MALICIOUS

> Warning: tumurt-urguu.com is flagged as a high-risk phishing site. Avoid sharing personal info and access with caution.

## Summary
PhishDestroy identifies tumurt-urguu.com as a high-risk domain involved in generic phishing activities. This classification highlights the potential threat it poses to users by attempting to deceive them into divulging sensitive information such as login credentials or financial data.

Supporting this assessment, tumurt-urguu.com resolves to the IP address 194.36.143.79 and has been flagged by 13 out of 95 security vendors on VirusTotal, indicating a significant consensus among threat detection systems about its malicious intent. The domain was registered on August 07, 2015, through Domain.com, operated by Network Solutions, LLC, suggesting it has been active for several years, possibly to establish credibility before being used for phishing. This combination of detection results and infrastructure details reinforces the domain’s malicious reputation.

Users are advised to avoid interacting with tumurt-urguu.com to prevent potential compromise. Organizations should consider blocking this domain at network perimeters and update their phishing filters accordingly. PhishDestroy currently lists tumurt-urguu.com as active and recommends heightened vigilance, especially for those who may encounter this domain via email links or unsolicited messages. Continuous monitoring and user education remain critical in mitigating risks associated with this threat.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: Төмөрт Өргөө

## Domain Intelligence
- Registered: 2015-08-07 01:19:06
- Registrar: Domain.com - Network Solutions, LLC
- IP: 194.36.143.79
- Nameservers: ns1.nexloc.ro ns1.sitebunker.net ns2.nexloc.ro ns2.sitebunker.net

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CRDF", "ESET", "Fortinet", "G-Data", "Lionic", "Phishing Database", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cfbb9-7105-72de-8792-4c19e73cfbb7.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/82fa9c2d-48be-419a-a6a6-9fcbf28c6bc1
- PhishDestroy: https://phishdestroy.io/domain/tumurt-urguu.com/
- LLM endpoint: https://phishdestroy.io/domain/tumurt-urguu.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tumurt-urguu.com/
Last updated: 2026-03-19