# kra-40.cc — MALICIOUS

> kra-40.cc is a malicious phishing domain flagged by 9 out of 95 security vendors. This site simulates a fraudulent login portal to steal credentials.

## Summary
kra-40.cc is a recently activated domain posing as a legitimate service to trick users into entering sensitive credentials. The site was flagged by 9 of 95 security vendors, indicating widespread suspicion about its authenticity. Unlike benign domains, kra-40.cc was registered on December 10, 2024, and resolves to 188.114.96.3, a hosting IP linked to suspicious activity. Its SSL certificate is issued by Google Trust Services, which may lend it an air of legitimacy to unsuspecting visitors.  PhishDestroy identifies this domain as part of a generic phishing campaign designed to harvest usernames and passwords under false pretenses. The domain’s age—just weeks old—and its rapid detection by security tools suggest it may target users in short-lived, high-impact campaigns. While the registrar is NICENIC INTERNATIONAL GROUP CO., LIMITED, a common provider for malicious actors, the presence of a valid SSL certificate could mislead visitors into believing the site is secure. Once credentials are entered, threat actors can use them for account takeovers, financial fraud, or further social engineering attacks.  If you’ve visited kra-40.cc, cease any further interaction with the site immediately. Change passwords for any accounts you may have entered, especially if you reused credentials across services. Scan your device for malware and report the domain to your organization’s SOC or relevant abuse channels. Monitor financial and email accounts closely for signs of unauthorized access. When in doubt, verify the legitimacy of websites by cross-referencing official domains and using multi-factor authentication to add an extra layer of security.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-12-10 17:50:40
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ccafa1d4-11a3-4684-ad2c-85d49fd356df
- PhishDestroy: https://phishdestroy.io/domain/kra-40.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-40.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-40.cc/
Last updated: 2026-03-28