# krn2web.cc — SUSPICIOUS

> PhishDestroy identifies krn2web.cc as a credential theft phishing domain registered April 5, 2025; flagged by 0 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies krn2web.cc, a recently activated credential theft phishing domain currently under investigation, as an active threat with a high potential for user data compromise. This domain is classified under the threat type 'generic_phishing' and is part of an emerging campaign designed to deceive users into surrendering sensitive credentials under false pretenses. The domain's operational timeline and infrastructure suggest a deliberate attempt to exploit trust in superficially legitimate web services.

This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating that signature-based detection mechanisms have not yet identified malicious artifacts associated with krn2web.cc. The domain resolves to IP address 188.114.96.3 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on April 5, 2025. Additionally, krn2web.cc utilizes an SSL certificate issued by Google Trust Services, which may contribute to a false sense of legitimacy. At present, no blocklist entries have been confirmed for this domain, and trust scores remain uncalibrated due to its recent creation. The absence of detections highlights the stealthy nature of this campaign and the need for proactive monitoring.

Given the active status of krn2web.cc and its classification as a credential theft phishing domain, PhishDestroy recommends immediate avoidance of this domain and any associated links or communications. Users are advised to verify the authenticity of websites before entering login credentials and to report suspicious domains to relevant security teams or through automated threat intelligence platforms. Domain blocking at the network level is strongly encouraged to prevent potential credential harvesting. Further updates will be provided as additional intelligence emerges regarding this campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-04-05 11:35:00
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/fdbd5b6d-a045-439c-88c5-8106f6bd3e5b
- PhishDestroy: https://phishdestroy.io/domain/krn2web.cc/
- LLM endpoint: https://phishdestroy.io/domain/krn2web.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krn2web.cc/
Last updated: 2026-03-28