# nhncafe-read.com — MALICIOUS

> nhncafe-read.com poses as a legitimate site but is a credential harvesting scam. 9/95 security vendors flagged this domain registered on March 21, 2026.

## Summary
PhishDestroy identifies nhncafe-read.com as an active credential harvesting domain designed to trick users into surrendering sensitive login credentials. The domain mimics the branding of a well-known service, leveraging social engineering tactics to deceive visitors into believing it is legitimate. Upon interaction, users are prompted to enter authentication details, which are then exfiltrated to attacker-controlled infrastructure. Security telemetry confirms this domain is actively weaponized, with potential for widespread compromise if left unchecked.  This domain was flagged by 9 out of 95 security vendors on VirusTotal, indicating significant but not universal detection. It was registered through Name.com, Inc. on March 21, 2026, a relatively recent creation that aligns with the operational timeline of opportunistic threat actors. The domain resolves to IP address 34.111.179.208, hosted on infrastructure frequently associated with malicious campaigns. Additionally, it utilizes a Let’s Encrypt SSL certificate, a tactic commonly employed to enhance perceived legitimacy and bypass browser warnings.  Users who have visited nhncafe-read.com should immediately review any accounts where credentials may have been entered. Reset passwords using a known-safe device and enable multi-factor authentication where available. Avoid interacting with this domain further and consider blocking the IP address 34.111.179.208 at the network perimeter. Report the domain to your security team or relevant abuse channels to aid in global threat intelligence sharing. Proactive monitoring of account activity is strongly advised to detect any signs of compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-21 11:12:24
- Registrar: Name.com, Inc.
- IP: 34.111.179.208

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7f588494-85ad-4570-967d-d343e19354da
- PhishDestroy: https://phishdestroy.io/domain/nhncafe-read.com/
- LLM endpoint: https://phishdestroy.io/domain/nhncafe-read.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/nhncafe-read.com/
Last updated: 2026-03-23