# kra-31cc.net — MALICIOUS

> kra-31cc.net mimics a login portal for credential theft. This domain was created Feb 9 2025 and is flagged by 9 of 95 VirusTotal scanners.

## Summary
PhishDestroy identifies kra-31cc.net as an elevated-risk credential-harvesting domain impersonating a login portal. The site was registered on February 09, 2025, via NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP 172.67.165.234. VirusTotal’s 9/95 detection rate, alongside the presence of a Google Trust Services SSL certificate, indicates active deployment of a phishing kit designed to deceive users into submitting usernames, passwords, or sensitive data.  This domain has not yet achieved widespread blocklisting but exhibits a combination of red flags. Along with the 9.5% security-vendor detection rate, the newly created registration (Feb 2025) and use of a trusted SSL issuer demonstrate the attackers’ emphasis on legitimacy through valid encryption. The combination of fresh registration and partial detection suggests the campaign is early-stage, evolving, and likely targeting enterprise or cloud service logins.  Users should immediately avoid accessing this domain or entering any credentials. Enterprises should block both the domain and IP 172.67.165.234 at the firewall or DNS level. If credentials were previously entered, rotate passwords immediately and enable multi-factor authentication where possible. Report the domain to your security team or through local abuse channels to accelerate takedown efforts.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-09 12:17:11
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.165.234

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5b9d71cc-99d1-41b7-b015-6979dff50e66
- PhishDestroy: https://phishdestroy.io/domain/kra-31cc.net/
- LLM endpoint: https://phishdestroy.io/domain/kra-31cc.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-31cc.net/
Last updated: 2026-03-28