# c4.xkrmec2.click — MALICIOUS

> PhishDestroy identifies c4.xkrmec2.click as a credential-harvesting phishing site with 14/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies c4.xkrmec2.click as an active credential-harvesting phishing domain designed to mimic legitimate login portals, tricking users into submitting sensitive credentials. This domain resolves to IP address 66.116.210.66 and employs a Let's Encrypt SSL certificate to appear legitimate. The domain was registered on February 15, 2026, through Sav.com, LLC, a tactic often used to rapidly deploy short-lived attack infrastructure. With 14 out of 95 security vendors flagging the domain as malicious on VirusTotal, the threat level is elevated, indicating significant risk to users who may encounter the site.  This domain exhibits several indicators of malicious activity. It was created on February 15, 2026, which is a recent registration date, suggesting it is part of a fast-moving phishing campaign. The use of Sav.com, LLC as the registrar is notable, as this service has been observed in multiple phishing operations due to its permissive registration policies. The domain's low detection ratio on VirusTotal (14/95) demonstrates the evasiveness of the threat, as many security solutions have not yet flagged it. Additionally, the domain's association with IP address 66.116.210.66, which has been linked to other malicious activities, further corroborates its harmful intent. Users are advised to exercise caution, as the site likely employs social engineering techniques to deceive visitors.  If you have visited c4.xkrmec2.click or suspect you may have entered credentials, immediately change passwords for any accounts potentially exposed and enable multi-factor authentication where possible. Avoid clicking links from unsolicited emails or messages, as these are common delivery vectors for such phishing domains. Users can report the domain to PhishDestroy for further analysis and inclusion in threat intelligence feeds. Always verify website URLs before entering sensitive information and ensure your device's security software is up to date. Proactive monitoring of account activity can help detect unauthorized access early.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-15 22:38:28
- Registrar: Sav.com, LLC
- IP: 66.116.210.66

## Detection Status
- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8f5d183a-1554-4ee0-a99f-bd76624b971e
- PhishDestroy: https://phishdestroy.io/domain/c4.xkrmec2.click/
- LLM endpoint: https://phishdestroy.io/domain/c4.xkrmec2.click/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/c4.xkrmec2.click/
Last updated: 2026-04-01