# kra25.cc — MALICIOUS

> kra25.cc is actively impersonating a login portal to harvest credentials. VirusTotal shows 10/95 vendors flagging this site. Check the full report.

## Summary
PhishDestroy identifies kra25.cc as an active credential-harvesting campaign, posing an elevated threat to unsuspecting users. This domain mimics a legitimate login interface, tricking visitors into surrendering usernames and passwords. Security telemetry confirms the site is currently resolving to 64.190.63.222, a hosting infrastructure previously associated with phishing campaigns.  This domain was flagged by 10 out of 95 VirusTotal security vendors and was registered on August 14, 2024, through NICENIC INTERNATIONAL GROUP CO., LIMITED. The site holds a valid SSL certificate issued by DigiCert Inc, increasing its appearance of legitimacy. Despite this, kra25.cc remains absent from major blocklists at the time of analysis, highlighting the need for proactive threat hunting.  To mitigate exposure to kra25.cc, users should avoid clicking links from unsolicited emails or messages and verify URLs manually. Organizations are advised to deploy DNS filtering rules to block access to 64.190.63.222 and monitor internal DNS queries for kra25.cc. Immediate reporting of any interaction with this domain will strengthen collective defense against this credential-phishing operation.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-08-14 09:30:09
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 64.190.63.222

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e720b237-cd54-40c5-8661-84e4cb6f2bfa
- PhishDestroy: https://phishdestroy.io/domain/kra25.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra25.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra25.cc/
Last updated: 2026-03-28