# kra2c.cc — MALICIOUS

> kra2c.cc is a credential-harvesting domain flagged by 7/95 vendors. It poses as a legitimate service while harvesting login details, created April 04, 2025.

## Summary
PhishDestroy identifies kra2c.cc as an active credential-harvesting domain designed to trick users into surrendering sensitive login credentials. The site mimics a legitimate service, luring victims to a spoofed login page where entered credentials are immediately exfiltrated to attacker-controlled infrastructure. This is not a theoretical risk; the domain is currently resolving to 172.67.132.164 and has already been flagged by 7 out of 95 VirusTotal security vendors, indicating confirmed malicious activity.  This domain was flagged based on multiple indicators of compromise. It was registered on April 04, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for accommodating high-risk registrations. The domain uses a Google Trust Services SSL certificate to appear legitimate, but the combination of recent creation, low detection ratio, and active hosting strongly suggests it is part of a targeted phishing campaign. The IP address 172.67.132.164 is associated with known malicious infrastructure used in credential theft operations, particularly against users expecting secure authentication flows.  If you visited kra2c.cc, immediately change passwords for any accounts you may have entered. Use a password manager to generate and store new, unique credentials. Scan your device for malware using reputable antivirus tools, as phishing sites often deploy info-stealing trojans. Report the domain to your security team or use PhishDestroy’s blocklist to prevent further exposure. Avoid clicking links in unsolicited emails or messages, and verify website authenticity via official channels before entering credentials.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-04-04 14:52:32
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.132.164

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5355f70a-e6bd-4430-a9fe-596dec388340
- PhishDestroy: https://phishdestroy.io/domain/kra2c.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra2c.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra2c.cc/
Last updated: 2026-03-26