# kra29at-cc.com — MALICIOUS > kra29at-cc.com is a new phishing domain flagged by 14/95 VirusTotal scanners. Avoid entering credentials—this site impersonates legitimate services to steal. ## Summary PhishDestroy identifies kra29at-cc.com as an active credential harvesting site currently engaged in generic phishing operations. Security teams and end-users should treat this domain as elevated risk due to its active abuse for identity theft. The site was registered on February 14, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and is hosted at IP 172.67.141.231. VirusTotal analysis shows 14 out of 95 security vendors flag this domain, indicating widespread detection of malicious intent. The presence of a Google Trust Services SSL certificate does not validate legitimacy, as threat actors routinely exploit trusted issuers to disguise malicious infrastructure. Although domain age is low, its early compromise and rapid deployment of phishing content demonstrate high operational risk. kra29at-cc.com exhibits multiple red flags consistent with credential harvesting campaigns. It was created on February 14, 2025, a date corresponding with a surge in fake login portals targeting unsuspecting users. The domain resolves to IP 172.67.141.231, a shared hosting environment known to harbor multiple phishing domains. Registered via NICENIC INTERNATIONAL GROUP CO., LIMITED—a registrar with a mixed reputation—this entity has previously facilitated malicious domain registrations through bulk and privacy-protected channels. Only 14/95 VirusTotal engines detected this threat at time of analysis, reflecting a narrow window of detection against a fast-evolving attack vector. There are no public listings indicating this site has reached major blocklists such as Google Safe Browsing or PhishTank, further delaying community-wide protection. Users can defend against kra29at-cc.com by immediately blocking the domain at network and endpoint levels using the IP 172.67.141.231 and the full domain name. Enable real-time phishing detection in browsers and email clients, and warn users about entering any credentials on this site. Organizations should inspect SSL certificates for mismatched domains or short validity periods, as these often reveal impostor sites. Since the domain is recently registered, monitoring for similar typosquatting (e.g., kra29at.com, kra29at-cc.net) is essential. Report the domain to your security vendor and encourage users to report suspicious login prompts. Given the active abuse timeline and lack of broad blocklist coverage, proactive identification remains more effective than reactive remediation. Treat any interaction with kra29at-cc.com as a potential credential theft attempt and initiate incident response procedures if credentials were entered. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-02-14 19:18:58 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 172.67.141.231 ## Detection Status - VirusTotal: 14 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/1da40f3a-ffdc-43b0-bc38-3eddfa491fcc - PhishDestroy: https://phishdestroy.io/domain/kra29at-cc.com/ - LLM endpoint: https://phishdestroy.io/domain/kra29at-cc.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kra29at-cc.com/ Last updated: 2026-03-27