# kra106.cc — SUSPICIOUS

> kra106.cc involved in targeted email credential phishing, flagged by 3 VirusTotal vendors. Check the full report for detailed threat info.

## Summary
The domain kra106.cc has been identified as an active threat involved in email credential harvesting schemes. This specific phishing attack aims to deceive users into divulging sensitive login information, posing an elevated risk to targeted individuals or organizations.

According to available data, kra106.cc was created on April 08, 2025, and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain currently resolves to IP address 104.21.53.79 and holds an SSL certificate issued by Google Trust Services, which could bolster its perceived legitimacy. On VirusTotal, 3 out of 95 security vendors have flagged this domain for malicious activity. Despite these detections, the domain remains active and has a low blocklist count, increasing the likelihood of successful exploitation.

Given the elevated risk posed by kra106.cc, it is crucial to block this domain at the network level and alert end users about potential credential phishing attempts. Organizations should enhance email filtering rules to detect messages originating from or referencing this domain. Security teams are advised to monitor related IP addresses and update endpoint protections accordingly. Prompt user education emphasizing cautious handling of unsolicited emails can reduce the impact of this ongoing threat.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-04-08 18:53:48
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.53.79

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6fd3a063-ae1a-4f20-b516-464afed51adb
- PhishDestroy: https://phishdestroy.io/domain/kra106.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra106.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra106.cc/
Last updated: 2026-03-28