# kra-37cc.com — MALICIOUS

> PhishDestroy identifies kra-37cc.com as a generic phishing domain with active credential theft campaigns. Detected by 8/95 VirusTotal vendors.

## Summary
PhishDestroy identifies kra-37cc.com as a newly active credential theft domain designed to harvest user login credentials under the guise of a legitimate service. The domain does not impersonate a specific brand but instead leverages a generic landing page structure typical of credential phishing campaigns. Analysis of its infrastructure reveals no evidence of a crypto drainer or advanced obfuscation, suggesting a mid-tier phishing operation focused on direct account compromise rather than asset theft.  

This domain was flagged by 8 out of 95 VirusTotal security vendors, indicating early-stage detection across industry tools. It was registered on February 08, 2025 through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar frequently associated with mass domain acquisitions used in phishing campaigns. kra-37cc.com resolves to IP 104.21.55.9 and is secured with a Google Trust Services SSL certificate, which may be leveraged to falsely signal legitimacy. The domain has not yet been indexed by Google Safe Browsing (GSB) and remains unblocked by major threat intelligence platforms as of analysis time.  

PhishDestroy assesses kra-37cc.com as an elevated-risk domain due to its active status and low detection coverage. The threat remains active and has not been neutralized by upstream blocking mechanisms. Users are strongly advised to avoid interaction with this domain and to report it via browser-based reporting tools. Network administrators should implement firewall or DNS-based blocking using the IP and domain indicators. The remaining risk is elevated, given the domain’s recent creation and lack of broad containment. Immediate defensive actions are required to prevent credential theft from affected user populations.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-08 00:30:13
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.55.9

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8f9c68ac-7ede-4976-8636-bd56c69d0d73
- PhishDestroy: https://phishdestroy.io/domain/kra-37cc.com/
- LLM endpoint: https://phishdestroy.io/domain/kra-37cc.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-37cc.com/
Last updated: 2026-03-27