# kra16x.cc — MALICIOUS

> kra16x.cc detected for credential harvesting phishing targeting crypto wallets. 6/95 engines flagged on VirusTotal. Check the full report.

## Summary
PhishDestroy identifies kra16x.cc as an active credential-harvesting domain registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on April 04, 2025. The site has been weaponized to steal user credentials under a generic phishing vector, with no specific brand or drainer kit attribution in open-source intelligence at this time. Behavior observed aligns with harvesting portals designed to siphon login data, often deployed in advance of larger credential-stuffing campaigns across financial and crypto platforms.


Technical investigation reveals kra16x.cc exhibits a high-risk profile: it scored 6/95 detections on VirusTotal, resolving to IP 188.114.96.3 via a valid SSL certificate issued by Google Trust Services. The domain was created on April 04, 2025, and is currently unlisted on major blocklists but remains under active monitoring by 6 security vendors. These indicators suggest a newly deployed infrastructure leveraging established trust chains to evade early-stage detection.


Despite its recent creation and moderate detection rate, kra16x.cc remains active and poses an elevated risk to users engaging with suspicious links or advertisements. Immediate blocking at DNS and network levels is strongly advised. Users should avoid accessing this domain and verify any related URLs using PhishDestroy’s real-time lookup. While the current threat is contained through proactive detection, the combination of recent registration, low VT coverage, and valid SSL infrastructure elevates the risk of successful exploitation if left unchecked.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-04-04 15:50:35
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e496e7e0-1f39-4083-ae7b-b2abed222475
- PhishDestroy: https://phishdestroy.io/domain/kra16x.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra16x.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra16x.cc/
Last updated: 2026-03-26