# kra16c.cc — SUSPICIOUS

> kra16c.cc hosts an active credential harvesting phishing site. VT 0/95 detections as of April 04, 2025. Check the full report.

## Summary

PhishDestroy identifies kra16c.cc as an active credential harvesting phishing domain under investigation. The domain was registered on April 04, 2025 and resolves to IP 172.67.134.22. It leverages a Google Trust Services SSL certificate to appear legitimate while targeting user credentials. Current VirusTotal analysis shows 0/95 detections, indicating evasion of common blocklists.

This domain was flagged through NICENIC INTERNATIONAL GROUP CO., LIMITED with no prior detections on VirusTotal and no presence on public threat intelligence feeds as of investigation time. The SSL certificate issued by Google Trust Services adds a false layer of legitimacy, increasing the likelihood of successful deception. The domain’s recent creation (April 04, 2025) and clean reputation suggest an opportunistic campaign likely exploiting newly registered infrastructure.

Mitigation requires immediate blocking of kra16c.cc and 172.67.134.22 at network and endpoint levels. Users should avoid accessing the domain and verify any unexpected login prompts via official channels. Security teams are advised to inspect DNS logs for resolution attempts and update email filtering rules to block messages referencing this domain. Given the absence of detections, heuristic analysis and behavioral monitoring are critical to preempt further compromise.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
## Domain Intelligence

- Registered: 2025-04-04 15:51:02
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.134.22

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1e211a1c-68fb-48ed-b4ad-596265684ef7
- PhishDestroy: https://phishdestroy.io/domain/kra16c.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra16c.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra16c.cc/

Last updated: 2026-03-26