# kra-b19.cc — SUSPICIOUS

> kra-b19.cc is a fake invoice scam domain detected Dec 2025. VT score 4/95, check full report for safety guidance.

## Summary

PhishDestroy identifies kra-b19.cc as an active generic phishing domain masquerading as an invoice payment portal, with no direct branding affiliation but leveraging social engineering tactics to harvest financial credentials. This domain is likely part of a broader campaign targeting users expecting legitimate billing notifications. No specific drainer kit (e.g., Evilginx, Modlishka) has been confirmed during initial analysis, but behavior suggests use of a decoy payment form designed to capture credit card data under the guise of an unpaid invoice dispute resolution process.

Technical indicators confirm elevated risk: VirusTotal flagged the domain with only 4/95 security vendors detecting malicious intent at time of analysis. The domain resolves to IP 172.67.211.124 (Cloudflare), was registered December 12, 2025, and is hosted under NICENIC INTERNATIONAL GROUP CO., LIMITED. Google Safe Browsing (GSB) has not blacklisted the domain as of current scan, and this phishing site remains unlisted on most public blocklists. The SSL certificate is issued by Google Trust Services, which may be used to enhance perceived legitimacy despite the recent registration. The campaign remains active as of seed 8c7855, indicating ongoing deployment.

Immediate response includes blocking kra-b19.cc at network and DNS levels, isolating any endpoints that accessed it, and updating endpoint detection rules to flag similar newly registered domains. While the site lacks GSB listing and low VT coverage suggests limited awareness, the risk remains elevated due to active propagation and spoofed invoice lures. Users are advised to avoid clicking unsolicited payment links, verify sender domains independently, and report any credentials entered to their security teams. Remaining risk includes potential expansion of the campaign using similar low-character-count, auto-generated domains, necessitating continuous monitoring and proactive threat hunting around invoice-themed phishing vectors.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-12-12 04:52:26
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.211.124

## Detection Status

- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/39c3850b-e05a-4811-aa84-7662a73b6d65
- PhishDestroy: https://phishdestroy.io/domain/kra-b19.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-b19.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra-b19.cc/

Last updated: 2026-03-28