# kra27.net — SUSPICIOUS

> kra27.net engages in credential harvesting phishing targeting users. Created Nov 2024, flagged by 4/95 vendors. Check the full report.

## Summary
The domain kra27.net is currently active and poses an elevated risk due to its involvement in credential harvesting phishing attacks. This specific threat type aims to deceive users into divulging sensitive login information, which can lead to unauthorized access and further compromise.

Detailed threat intelligence reveals that kra27.net was created recently on November 2, 2024, and resolves to the IP address 172.67.129.178. The domain uses an SSL certificate issued by Google Trust Services, which may lend it a false sense of legitimacy. It is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal analysis flags this domain as malicious with 4 out of 95 security vendors detecting it as a threat. No additional blocklist data or trust scores were provided, but the combination of these factors supports the elevated risk rating.

To mitigate the risks posed by kra27.net’s credential harvesting tactics, organizations and users should implement robust email filtering to catch phishing attempts, educate users on recognizing suspicious login requests, and enforce multi-factor authentication (MFA) to reduce the impact of compromised credentials. Regular monitoring of network traffic for connections to the IP 172.67.129.178 and blocking access to this domain can further help prevent exploitation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-11-02 16:48:40
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.129.178

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/139e2fd5-4990-4553-b2f7-69a726e400d5
- PhishDestroy: https://phishdestroy.io/domain/kra27.net/
- LLM endpoint: https://phishdestroy.io/domain/kra27.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra27.net/
Last updated: 2026-03-28