# t-mobile.kciren.cc — MALICIOUS

> Avoid t-mobile.kciren.cc—an active phishing domain flagged for malicious activity. Do not visit or share personal info.

## Summary
PhishDestroy identifies t-mobile.kciren.cc as an active generic phishing domain targeting unsuspecting users. Classified as high risk, this domain imitates T-Mobile branding to deceive victims and capture sensitive information. The investigation is driven by unique seed 3b2084 to ensure distinct detection patterns.

Technically, the domain was registered recently on February 3, 2026, through Gname.com Pte. Ltd., suggesting a newly created phishing infrastructure. It resolves to the IP address 172.67.199.230 and appears on at least one security blocklist. VirusTotal scans show that 14 out of 95 security vendors currently flag this domain, reinforcing its malicious status.

The phishing campaign remains active and poses an ongoing threat to users. Immediate caution is advised to avoid interactions with this domain. PhishDestroy continues to monitor t-mobile.kciren.cc to support timely identification and mitigation of risks associated with this phishing operation.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)

## Domain Intelligence
- Registered: 2026-02-03 11:35:14
- Registrar: Gname.com Pte. Ltd.
- Country: SG
- IP: 172.67.199.230
- Nameservers: ["A.SHARE-DNS.COM", "B.SHARE-DNS.NET"]
- SSL Issuer: WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["BitDefender", "Cluster25", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Lionic", "Seclookup", "SOCRadar", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c269d-3708-7625-a909-53d8ddf31d89.png
- PhishDestroy: https://phishdestroy.io/domain/t-mobile.kciren.cc/
- LLM endpoint: https://phishdestroy.io/domain/t-mobile.kciren.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/t-mobile.kciren.cc/
Last updated: 2026-03-19