# kra-b8.cc — MALICIOUS

> kra-b8.cc exposed as credential phishing site flagged by 6/95 VirusTotal vendors. Immediate detection and blocking recommended.

## Summary

PhishDestroy identifies kra-b8.cc as an active credential phishing domain engineered to harvest user login details through deceptive login forms. This site impersonates a legitimate service interface, leveraging social engineering to trick victims into surrendering credentials under false pretenses. No specific brand or drainer kit has been confirmed at this time, but the infrastructure suggests a generic but effective phishing template designed for wide deployment.

This domain was flagged by 6 out of 95 VirusTotal security vendors, indicating elevated maliciousness with limited but meaningful detection coverage. It resolves to IP address 172.67.187.98 and was registered via NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain was created on December 12, 2025, and currently holds a valid SSL certificate issued by Google Trust Services. Despite its recent creation and clean SSL status, kra-b8.cc has already been added to multiple threat intelligence blocklists. As of today, the domain remains active and poses an elevated risk to users who encounter it.

Immediate defensive actions include domain blocking at the DNS and network perimeter levels. Organizations are advised to inspect internal DNS logs for recent resolutions to 172.67.187.98 or kra-b8.cc, and to update firewall rules to block outbound connections to this IP. While detection signatures continue to improve, proactive blocking remains the most effective mitigation against this threat due to its short operational lifespan and active deployment. Remaining risk is assessed as elevated given the domain’s recent activation and partially observed malicious activity.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-12-12 04:52:31
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.187.98

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/8cb7d3b2-7a06-4987-bf84-38577fd482c5
- PhishDestroy: https://phishdestroy.io/domain/kra-b8.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-b8.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra-b8.cc/

Last updated: 2026-03-28