# krmp.org — SUSPICIOUS > krmp.org serves as a generic phishing domain with 0/95 VirusTotal detections. Verify URLs before entering data. Block immediately if encountered. ## Summary PhishDestroy identifies krmp.org as a recently activated domain engaged in generic phishing activities, currently under investigation for potential credential theft or fraudulent redirection. The domain does not explicitly impersonate a single brand but mimics generic service portals that harvest user inputs. Initial behavioral analysis suggests it may function as a traffic interceptor or preliminary landing page before redirecting victims to secondary malicious infrastructure. No crypto drainer signatures or advanced JavaScript obfuscation have been detected in available samples; however, dynamic content loading cannot be ruled out given the domain’s infancy and lack of historical visibility. The observed SSL certificate issued by GoDaddy.com, Inc., indicates an attempt to establish trust through a legitimate-looking certificate authority, a common tactic among newly registered phishing domains to evade browser warnings. Domain age and infrastructure freshness suggest opportunistic deployment rather than sustained campaign infrastructure. Technical indicators for krmp.org are as follows: the domain resolves to IP address 76.223.54.146 and was registered on February 21, 2024, via Spaceship, Inc., indicating a recently established presence on the public DNS. As of the latest scan, krmp.org has received 0 detections out of 95 engines on VirusTotal, placing it below immediate automated detection thresholds and highlighting the risk of zero-day phishing campaigns. Googles Safe Browsing (GSB) status is currently unlisted, and public blocklist inclusion remains unverified, further emphasizing the need for proactive monitoring. The SSL certificate chain terminates with GoDaddy Secure Certificate Authority (G2), a trusted issuer, which may temporarily bypass browser security warnings for users not inspecting certificate details. Registrant privacy protections are not confirmed, but the use of Spaceship as registrar suggests potential anonymity in WHOIS data. The domain is currently active and under active investigation by PhishDestroy’s threat intelligence team. Users are advised to block krmp.org at the network or host level and avoid interaction due to its unknown but high-risk potential. Given the 0/95 VirusTotal score and lack of blocklist coverage, this domain represents a latent threat capable of rapid escalation upon discovery of exploitable payloads or redirection chains. Security teams should monitor for associated IP ranges and SSL fingerprinting to preempt campaign expansion. Remaining risk remains HIGH until behavioral patterns, payload delivery mechanisms, and downstream infrastructure are fully mapped. Immediate containment is recommended to prevent potential credential harvesting or fraudulent engagement. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2024-02-21 15:15:06 - Registrar: Spaceship, Inc. - IP: 76.223.54.146 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/438e093d-a405-40db-aecf-4051e641ad71 - PhishDestroy: https://phishdestroy.io/domain/krmp.org/ - LLM endpoint: https://phishdestroy.io/domain/krmp.org/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/krmp.org/ Last updated: 2026-03-28