# kra27at-cc.com — SUSPICIOUS > kra27at-cc.com detected as credential phishing domain. VirusTotal 0/95 detections. Check the full report for safety analysis and block recommendations. ## Summary PhishDestroy identifies kra27at-cc.com as an active credential phishing domain under investigation for mimicking legitimate login portals. This domain poses a significant risk to users who may unwittingly submit sensitive authentication details to fraudulent pages disguised as trusted services. Security researchers note that such attacks frequently harvest usernames, passwords, and session tokens, enabling attackers to gain unauthorized access to accounts, personal data, or corporate systems. The domain’s recent registration and lack of detection on major security platforms make it particularly dangerous for unsuspecting visitors. This domain was flagged by PhishDestroy with a risk level marked as under_investigation. Technical indicators include a resolution to IP 188.114.96.3, an SSL certificate issued by Google Trust Services, and registration through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain was created on February 14, 2025, and currently shows 0 out of 95 detections on VirusTotal. Despite the absence of detections, the combination of a trusted SSL issuer, recent creation date, and suspicious infrastructure warrants heightened scrutiny. The lack of inclusion on public blocklists suggests this domain may be newly operational or actively evading detection mechanisms. To mitigate risks associated with kra27at-cc.com, users should avoid interacting with the domain entirely. Organizations are advised to block the IP 188.114.96.3 and the domain at the network perimeter using DNS filtering or firewall rules. If credentials were entered, users must immediately change passwords on all affected accounts and enable multi-factor authentication where possible. Security teams should monitor for unusual login attempts or data exfiltration patterns linked to this domain. Additionally, reporting the domain to relevant cybersecurity authorities and threat intelligence platforms can help prevent further victimization. Proactive blocking and user awareness training remain the most effective defenses against credential phishing campaigns like this one. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-02-14 19:18:50 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/be7f1e0d-4df1-4bb8-b60d-93da3d692282 - PhishDestroy: https://phishdestroy.io/domain/kra27at-cc.com/ - LLM endpoint: https://phishdestroy.io/domain/kra27at-cc.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kra27at-cc.com/ Last updated: 2026-03-27