# kra28cc.net — SUSPICIOUS > kra28cc.net is a credential harvesting scam with 0/95 VirusTotal detections. Verify safety before entering any login details — Check the full report. ## Summary PhishDestroy identifies kra28cc.net as an active credential harvesting domain designed to steal user login credentials under the guise of a legitimate service. This domain mimics authentic login portals, luring victims into inputting sensitive information such as usernames and passwords. The attackers behind this campaign leverage social engineering tactics, often disguising the malicious domain as a trusted entity to bypass initial suspicion. Once credentials are submitted, they are immediately exfiltrated to attacker-controlled servers for misuse in further cybercriminal activities, including account takeovers and identity theft. This domain was flagged by PhishDestroy with critical indicators including 0 detections out of 95 VirusTotal engines, indicating it has evaded detection by most antivirus solutions as of the latest scan. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and became active on February 08, 2025. It resolves to the IP address 104.21.74.247, which hosts multiple suspicious domains. Despite the absence of VirusTotal detections, the domain’s recent creation date and lack of reputation suggest a high likelihood of malicious intent, particularly for phishing campaigns targeting unsuspecting users. Users who have visited kra28cc.net should immediately cease any interaction with the site and avoid entering any personal or login credentials. If credentials were entered, change passwords on all associated accounts immediately and enable multi-factor authentication where available. Additionally, users should scan their devices for malware using reputable security software and monitor financial accounts for unauthorized activity. Report the domain to your cybersecurity team or relevant authorities to help prevent further harm. For a detailed analysis and ongoing updates, access the full threat intelligence report linked in the PhishDestroy database. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-02-08 10:04:58 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.74.247 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/7391c97d-d3ab-4084-9dc2-157b8c1fb463 - PhishDestroy: https://phishdestroy.io/domain/kra28cc.net/ - LLM endpoint: https://phishdestroy.io/domain/kra28cc.net/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kra28cc.net/ Last updated: 2026-03-28