# wap.kkjsd01.top — MALICIOUS

> kkjsd01.top is a credential-phishing page mimicking a login portal. 13/95 security vendors flag it and it’s already blocked by PhishingArmy.

## Summary
PhishDestroy identifies kkjsd01.top as an active credential-harvesting site posing as a mobile login portal (wap.kkjsd01.top). Visitors are tricked into entering usernames, passwords, or payment details that are immediately exfiltrated to attacker-controlled servers. The page is not legitimate and should never be used for any real authentication.  

This domain was flagged by PhishDestroy after security telemetry revealed it is a newly created phishing lure. VirusTotal analysis shows 13 out of 95 participating antivirus engines already detect the threat. The domain was registered on August 12, 2025 through Hosting Concepts B.V. d/b/a Registrar.eu, and it has already appeared on two independent phishing blocklists including OpenPhish and PhishingArmy. The site also holds a valid Let’s Encrypt SSL certificate to appear trustworthy, while resolving to IP address 156.245.239.57. These combined indicators confirm an elevated risk of successful account takeover if credentials are submitted.  

If you visited kkjsd01.top or entered any information, immediately change the passwords for that account on the genuine service provider’s real website. Review recent transactions and enable two-factor authentication wherever possible. Report the incident to your organization’s security team or to the legitimate service. Do not click any links in emails or messages that point to kkjsd01.top. Clear your browser cache and run a reputable antivirus scan on the device you used. Forward the suspicious URL to your IT administrator or to the Anti-Phishing Working Group for further takedown action.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-08-12 11:16:15
- Registrar: Hosting Concepts B.V. d/b/a Registrar.eu
- IP: 156.245.239.57

## Detection Status
- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["OpenPhish", "PhishingArmy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d8b12fb6-d205-4466-89bc-04457c0b940b
- PhishDestroy: https://phishdestroy.io/domain/wap.kkjsd01.top/
- LLM endpoint: https://phishdestroy.io/domain/wap.kkjsd01.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wap.kkjsd01.top/
Last updated: 2026-03-29