# kra-b12.cc — SUSPICIOUS

> kra-b12.cc hosts a fake login phishing scam, flagged by 4/95 engines. Verify this elevated risk threat on PhishDestroy for safety.

## Summary
PhishDestroy identifies kra-b12.cc as an active phishing domain posing an elevated risk to users through a fake login scam. This specific threat targets users by attempting to steal credentials via fraudulent login prompts that impersonate legitimate sites or services.

This domain was created on December 12, 2025, and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. It resolves to the IP address 188.114.96.3 and uses an SSL certificate issued by Google Trust Services, which may be exploited to appear trustworthy. VirusTotal flags kra-b12.cc in 4 out of 95 security vendor engines, confirming a limited but credible detection footprint. While only a small fraction of scanners identify it as malicious, the domain’s recent creation date combined with active phishing reports and elevated risk level mark it as a threat. There is no indication of broader blocklist coverage yet.

To mitigate risk from this fake login phishing threat, users should avoid entering credentials on kra-b12.cc and similar suspicious domains. Employ multi-factor authentication (MFA) on all accounts to limit credential misuse potential. Security teams should monitor access patterns to the IP 188.114.96.3 and block the domain at network gateways or DNS filters. Always verify domain reputation through trusted sources like PhishDestroy before interacting with unrecognized URLs. Regular end-user training to recognize fake login screens is critical to reduce successful compromise attempts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-12 04:52:30
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/193485ae-ee94-4e17-95d6-7f7ef3790563
- PhishDestroy: https://phishdestroy.io/domain/kra-b12.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-b12.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-b12.cc/
Last updated: 2026-03-28