# kra27atcc.com — SUSPICIOUS

> PhishDestroy identifies kra27atcc.com as a generic phishing domain with 3/95 VirusTotal flags. Check the full report.

## Summary
PhishDestroy confirms kra27atcc.com is an active phishing domain targeting users with fraudulent schemes. The site poses an elevated risk due to its recent creation and association with deceitful tactics designed to harvest sensitive credentials or financial information. Generic phishing attacks often impersonate legitimate services, luring victims into entering login details or personal data on spoofed interfaces. This domain was flagged immediately upon detection, underscoring the urgency of avoiding interaction. The campaign's infrastructure is already leveraging deception, demanding heightened scrutiny from users and security teams alike.  

This domain was flagged with 3 out of 95 security vendors on VirusTotal, indicating partial but consistent suspicion across multiple scanning engines. The registrar is NICENIC INTERNATIONAL GROUP CO., LIMITED, a provider known for hosting numerous abusive domains. Technical analysis connects kra27atcc.com to IP address 188.114.96.3, a known hosting infrastructure linked to fraudulent activities. The domain was registered on February 14, 2025, a timestamp suggesting a newly established threat designed to evade historical blocklists. Despite securing a Google Trust Services SSL certificate, the site’s content has already drawn scrutiny from at least three reputable security platforms. While the certificate may lend superficial legitimacy, the domain’s content and registration patterns contradict any trustworthy intent.  

To mitigate exposure, users should immediately block kra27atcc.com at the network and endpoint levels. Enterprises should update firewall rules, DNS blocklists, and proxy filters to deny access to 188.114.96.3 and any associated subdomains or IPs sharing this block. Security teams should scan environments for any outbound connections to this domain, particularly those involving browser traffic or credential submissions. Users who may have visited the site should reset passwords used on similar or related platforms, enable multi-factor authentication where possible, and review financial accounts for unauthorized transactions. Given the domain’s recent registration and partial detection status, vigilance must extend beyond passive blocking to active investigation of any internal systems that may have engaged with the threat.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-14 19:37:39
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3d6117bf-60e3-4ba8-b59c-220196bb1e50
- PhishDestroy: https://phishdestroy.io/domain/kra27atcc.com/
- LLM endpoint: https://phishdestroy.io/domain/kra27atcc.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra27atcc.com/
Last updated: 2026-03-27