# kra12.vip — MALICIOUS

> kra12.vip is flagged as malicious by PhishDestroy threat intelligence.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 521)
- Page title: kra12.vip

## Domain Intelligence
- Registered: 2025-11-20 00:00:14
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 86.54.25.38
- Nameservers: ns1.gcorelabs.net ns2.gcdn.services

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Gridinsoft", "Lionic", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Screenshot: https://urlscan.io/screenshots/019d36a8-e3ff-7304-8220-944b4e433d4e.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/80a25968-d8b8-47ef-9088-e60eda3ce41e
- PhishDestroy: https://phishdestroy.io/domain/kra12.vip/
- LLM endpoint: https://phishdestroy.io/domain/kra12.vip/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra12.vip/
Last updated: 2026-03-29