# kra--42.cc — MALICIOUS

> kra--42.cc is an active credential theft domain flagged by 9 of 95 VirusTotal vendors. Exercise caution and block access immediately.

## Summary
The domain kra--42.cc is currently active and engaged in credential theft activities targeting unsuspecting users. There is no specific brand impersonated at this time, but the domain is designed to capture sensitive login information through deceptive means. PhishDestroy has identified this domain as a significant threat due to its methods of obtaining user credentials.

According to VirusTotal data, kra--42.cc is flagged by 9 out of 95 security vendors, indicating a notable level of recognition from multiple cybersecurity tools. The domain resolves to IP address 188.114.96.3 and was registered on September 1, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED. It holds an SSL certificate issued by Google Trust Services, which may lend it a deceptive appearance of legitimacy. Although it does not currently appear on any major blocklists, the moderate detection rate and trusted certificate raise the risk profile.

Given that kra--42.cc remains active and continues to engage in credential theft tactics, it is strongly recommended to block this domain across network gateways and endpoint protections. Organizations should monitor for any traffic related to this domain and educate users on avoiding unsolicited requests for login details. Continuous threat intelligence updates and proactive filtering are advised to mitigate exposure to this elevated risk threat.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-01 17:52:09
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/70ceeeff-c78e-4f60-b570-4b008f944ac3
- PhishDestroy: https://phishdestroy.io/domain/kra--42.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra--42.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra--42.cc/
Last updated: 2026-03-26