# kz77.biz — SUSPICIOUS

> kz77.biz flagged for credential theft phishing with 1/95 VirusTotal detections. Avoid entering sensitive data. Report immediately.

## Summary
kz77.biz has been identified as an active credential theft domain designed to harvest user login credentials under false pretenses. This domain mimics legitimate services to deceive victims into submitting their usernames and passwords, which are then exfiltrated to attacker-controlled servers. The infrastructure behind this domain is configured to facilitate immediate abuse upon interaction, posing an elevated risk to unsuspecting users who may inadvertently disclose sensitive account information.

This domain was flagged by PhishDestroy with confirmed malicious indicators, including a VirusTotal detection rate of 1/95 security vendors, registration through NICENIC INTERNATIONAL GROUP CO., LIMITED, and a domain creation date of October 17, 2023. The associated IP address, 91.206.71.89, hosts the domain and has been linked to previous phishing campaigns. Despite leveraging a Google Trust Services SSL certificate, which may lend an air of legitimacy, the domain’s behavior and low detection rate underscore its malicious nature and imminent threat to users.

Users who have visited kz77.biz or entered any credentials on the site should immediately reset passwords for affected accounts and enable multi-factor authentication where available. If you suspect your credentials have been compromised, revoke any active sessions and monitor accounts for unauthorized activity. Avoid interacting with this domain entirely, and report it to your organization’s security team or relevant authorities to prevent further exploitation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2023-10-17 12:55:38
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 91.206.71.89

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ad23ac66-dfb8-433d-97b8-871e6865375e
- PhishDestroy: https://phishdestroy.io/domain/kz77.biz/
- LLM endpoint: https://phishdestroy.io/domain/kz77.biz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kz77.biz/
Last updated: 2026-03-26