# kra20-c.cc — MALICIOUS

> kra20-c.cc is a phishing site delivering generic credential theft via a Google-validated SSL page hosted at 188.114.96.3; block and avoid.

## Summary
PhishDestroy identifies kra20-c.cc as a live phishing domain engineered to harvest user credentials under the guise of a legitimate service. Once resolved, the domain returns a login page that requests personal information, with the HTTPS indicator misleadingly backed by a Google Trust Services certificate (CN=Google LLC) to lower victim suspicion. Behind the scenes, the page exfiltrates entered data to an attacker-controlled server, enabling immediate account takeover and potential follow-on fraud.  This domain was flagged by 8 of 95 VirusTotal engines within hours of its April 04, 2025 creation. Registration details point to NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar frequently abused for short-lived malicious domains. WHOIS data shows a registrant privacy shield and a recent creation timestamp, both red flags for disposable infrastructure. The hosting IP 188.114.96.3 sits within Cloudflare’s ASN range, a common bulletproofing tactic to delay takedowns while traffic is redirected.  If you visited kra20-c.cc, immediately change any passwords typed on the site and enable multi-factor authentication on all related accounts. Run a full antivirus scan and inspect browser extensions for unauthorized access. Report the domain to your security team and block 188.114.96.3 at the firewall. Monitor financial accounts for unusual transactions, as stolen credentials may be leveraged for fraudulent purchases or further social engineering.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-04-04 17:34:24
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3fe6097a-15a0-4f8a-a64d-2c7c58ea3f1e
- PhishDestroy: https://phishdestroy.io/domain/kra20-c.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra20-c.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra20-c.cc/
Last updated: 2026-03-26