# kg365p.com — MALICIOUS

> kg365p.com is a live credential-harvesting site posing as a login portal. 22 of 95 VirusTotal scanners flag it, and it is already blocked by two security lists.

## Summary
kg365p.com presents an elevated risk as a credential-harvesting portal masquerading as a legitimate login interface. The domain is explicitly designed to trick users into surrendering usernames, passwords, or other sensitive data into counterfeit forms, after which attackers can abuse the harvested credentials for account takeovers, financial fraud, or further phishing campaigns.

PhishDestroy identifies kg365p.com as a confirmed active threat based on multiple objective indicators: 22 out of 95 VirusTotal security vendors flagged the domain, it is listed on two separate blocklists, resolves to IP 20.2.172.20, and was created on March 13, 2026 through DYNADOT LLC with a Let’s Encrypt SSL certificate. The presence of 22 detections and two independent blocklists yields a combined risk profile rated as elevated.

To mitigate exposure to this credential-harvesting campaign, users should avoid visiting kg365p.com entirely. If a login prompt was accidentally accessed, immediately change passwords on other sites and enable multi-factor authentication where available. Enterprise defenders can block the domain at the firewall using the indicator 20.2.172.20 and file a takedown request referencing the domain age, registrar, and blocklist entries to reduce its operational window.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-13 02:55:05
- Registrar: DYNADOT LLC
- IP: 20.2.172.20

## Detection Status
- VirusTotal: 22 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["OpenPhish", "PhishingArmy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f6af797b-5c68-4934-bc9c-86f0541971cf
- PhishDestroy: https://phishdestroy.io/domain/kg365p.com/
- LLM endpoint: https://phishdestroy.io/domain/kg365p.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kg365p.com/
Last updated: 2026-03-31