# bratiyanetworkekek.icu — SUSPICIOUS

> PhishDestroy identifies bratiyanetworkekek.icu as a generic phishing domain (0/95 VirusTotal detections) delivering credential theft. Investigate immediately.

## Summary

PhishDestroy has flagged bratiyanetworkekek.icu as an active generic phishing domain leveraging undetected credential theft tactics. Initial analysis indicates no direct brand impersonation or crypto drainer integration, but the domain’s rapid deployment and low detection rate suggest it is part of a broader opportunistic campaign targeting unsuspecting users. The domain’s naming convention—using a misspelled or obfuscated base term—is consistent with domains created to evade detection while harvesting login credentials or sensitive form data. No specific drainer kit or branded spoofing template has been confirmed at this stage; however, the infrastructure’s recent creation and SSL certification through Let’s Encrypt imply a focus on quick deployment and perceived legitimacy to bypass security controls.

This domain was registered through PDR Ltd. d/b/a PublicDomainRegistry.com on March 16, 2026, and currently resolves to IP address 172.67.175.21. As of the latest scan, VirusTotal shows 0 detections out of 95 engines, indicating it remains under the radar of major threat intelligence platforms. It is not currently flagged in Google Safe Browsing (GSB) and has not been added to any known public blocklists. The combination of a newly registered domain, low detection coverage, and lack of historical reputation data elevates its risk profile, particularly for users interacting with untrusted links or forms embedded in the site.

The domain is currently active and poses an emerging threat due to its low visibility and potential for rapid expansion within phishing campaigns. Immediate action is advised: block the domain at DNS and network levels, flag for GSB inclusion, and update endpoint protection rules to monitor for connections to 172.67.175.21. Users should avoid accessing the domain and treat any associated links or forms as high-risk. While the specific payload remains unverified, the infrastructure’s design suggests it is likely configured to capture submitted credentials or deliver secondary malware. Remaining risk is classified as high due to the combination of active status, undetected status, and recent deployment.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-16 12:46:43
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 172.67.175.21

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/794f4049-f28a-4c83-800c-ae8a54bcfbae
- PhishDestroy: https://phishdestroy.io/domain/bratiyanetworkekek.icu/
- LLM endpoint: https://phishdestroy.io/domain/bratiyanetworkekek.icu/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/bratiyanetworkekek.icu/

Last updated: 2026-03-23