# cnurcnc.com — SUSPICIOUS

> cnurcnc.com is a recently created site flagged by 1/95 scanners for credential harvesting. Avoid entering personal data—this domain mimics legitimate login.

## Summary
PhishDestroy identifies cnurcnc.com as an elevated-risk credential harvesting domain posing as a login portal. This site was created on March 18, 2026, and resolved to IP 188.114.97.3. VirusTotal detected 1/95 security vendors flagging the domain, while NICENIC INTERNATIONAL GROUP CO., LIMITED served as the registrar. The domain uses a Let's Encrypt SSL certificate to appear trustworthy, but its recent creation and low detection rate reveal its malicious intent.  cnurcnc.com exhibits multiple red flags aligning with generic phishing campaigns. The domain’s association with 188.114.97.3, a dynamic IP often linked to fraudulent activity, raises further concern. Despite its Let’s Encrypt certification, which may mislead users into trusting the site, the domain’s lack of history and minimal antivirus coverage make it a high-risk target for credential theft. Its recent registration through NICENIC INTERNATIONAL GROUP CO., LIMITED—a registrar frequently abused in phishing operations—adds to its suspicious profile.  Users should avoid interacting with cnurcnc.com entirely. If you encounter this domain in emails, messages, or ads, do not enter any login credentials or personal information. Report the domain to your cybersecurity team or block it via your network’s firewall. Enable multi-factor authentication on all accounts to mitigate potential credential theft. Monitor financial and login activity for unauthorized access following any potential exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-18 07:11:29
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/675d259c-2e6f-4173-be95-e7968ebf76b4
- PhishDestroy: https://phishdestroy.io/domain/cnurcnc.com/
- LLM endpoint: https://phishdestroy.io/domain/cnurcnc.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cnurcnc.com/
Last updated: 2026-03-23