# qai46k.com — SUSPICIOUS

> PhishDestroy identifies qai46k.com as a freshly active credential-harvesting page. Registered only days ago on July 29, 2025, the site has not yet triggered 95.

## Summary
PhishDestroy has opened a case on qai46k.com after detecting it as a potential credential-harvesting phishing domain. At the time of writing, the site remains undetected by 95 VirusTotal engines, indicating it is slipping past current defenses. The domain was created yesterday, July 29, 2025, and is currently resolving to a Cloudflare IP (104.21.51.146) secured by a Google Trust Services SSL certificate, giving it a legitimate outward appearance while hiding its malicious intent.  The investigation reveals that qai46k.com is likely mimicking a well-known login portal in order to trick visitors into entering their usernames and passwords. Threat intelligence shows the domain was registered through a privacy-protecting registrar (NICENIC INTERNATIONAL GROUP CO., LIMITED), a common tactic used by phishers to obscure their true identity and prolong the campaign’s lifespan. The site’s SSL certificate and recent creation date are being weaponized to create a false sense of security, tricking users into believing the page is genuine.  If you have already visited qai46k.com, immediately change any passwords you may have entered on the site and enable multi-factor authentication on all related accounts. Scan your device with updated antivirus software to check for any follow-on malware installations. Report the domain to your IT administrator or through your browser’s built-in phishing reporting tool to help raise detection rates and protect others from this still-undetected threat. Do not re-enter any credentials on this domain and avoid clicking any links or downloading files from it in the future.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-07-29 12:28:24
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.51.146

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/911cd22f-f4bf-4730-a679-a7849d13a14e
- PhishDestroy: https://phishdestroy.io/domain/qai46k.com/
- LLM endpoint: https://phishdestroy.io/domain/qai46k.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/qai46k.com/
Last updated: 2026-03-28