# kra-shop-onion.top — SUSPICIOUS

> Domain kra-shop-onion.top flagged for credential theft phishing with 1/95 VirusTotal detections. Protect your accounts now before login data is harvested.

## Summary

PhishDestroy identifies the active credential theft domain kra-shop-onion.top as part of an ongoing phishing campaign (unique seed 0c2f40). The domain impersonates a legitimate retail brand to harvest user credentials, leveraging a spoofed login portal designed to exfiltrate entered usernames and passwords directly to attacker-controlled infrastructure. No evidence of a crypto drainer or advanced browser-based toolkit deployment has been observed at this time; the campaign relies on basic but effective social engineering and domain spoofing to deceive victims.

Technical indicators confirm elevated risk: kra-shop-onion.top resolves to IP 188.114.97.3 and was registered on June 08, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain holds a Google Trust Services SSL certificate and has been detected by 1 out of 95 VirusTotal security vendors. This low detection rate—paired with its recent creation and use of a trusted certificate issuer—suggests potential for evading automated defenses. As of this analysis, no public blocklists are known to include the domain or its IP, leaving it operational in the threat landscape.

The campaign remains active as of this report, with no confirmed takedown or mitigation by hosting providers or certificate authorities. Users interacting with kra-shop-onion.top are at imminent risk of credential compromise. Response actions include immediate DNS blocking of the domain and IP, revocation verification of the SSL certificate, and user education to avoid entering credentials on untrusted portals. Remaining risk is elevated due to the domain’s recent registration, low detection footprint, and active operational status. Immediate defensive measures are strongly recommended.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-06-08 20:40:42
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ac44e8e7-1f6d-4525-ae3e-61310308e6f1
- PhishDestroy: https://phishdestroy.io/domain/kra-shop-onion.top/
- LLM endpoint: https://phishdestroy.io/domain/kra-shop-onion.top/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra-shop-onion.top/

Last updated: 2026-03-27