# kra301.cc — MALICIOUS

> kra301.cc is a credential-stealing site mimicking a login portal, reported by 6/95 VirusTotal scanners. Avoid entering sensitive info. Check the full report.

## Summary
PhishDestroy identifies kra301.cc as an active credential-harvesting domain posing as a login interface, likely designed to trick users into surrendering email, banking, or social media credentials. This domain was flagged by six VirusTotal security vendors out of 95 analyzed engines, indicating a high detection rate for phishing behavior. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on April 10, 2025, and currently appears on one public blocklist, suggesting it is newly operational and rapidly being cataloged by threat intelligence systems. Its SSL certificate issued by Google Trust Services may lend it a false veneer of legitimacy, but the domain resolves to IP 172.67.166.46 and carries elevated risk due to its short operational window and growing footprint in phishing feeds.  The specific threat posed by kra301.cc is a generic phishing campaign targeting user authentication portals. Victims arriving via phishing emails, malicious ads, or compromised links are presented with a counterfeit login page that closely mirrors legitimate services. Once credentials are entered, they are transmitted to attacker-controlled servers, enabling account takeover, financial fraud, or identity theft. The domain’s recency—created on April 10, 2025—combined with its presence on one blocklist and a VirusTotal detection rate of 6/95, indicates a rapidly evolving threat that may evade some traditional defenses due to its use of a trusted SSL provider and clean domain structure.  If you visited kra301.cc, immediately cease using any credentials entered on the site. Change passwords on all accounts where the same or similar credentials were used, and enable multi-factor authentication wherever possible. Scan your device with updated antivirus software to detect any malware. Report the domain to your IT team or security provider, and avoid clicking any links or downloading files from this site. Monitor financial and email accounts for suspicious activity, and consider using identity protection services if sensitive data was exposed. Stay vigilant for follow-up phishing attempts leveraging stolen credentials.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-04-10 19:53:18
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.166.46

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/88de3645-d925-4d34-9f1b-ead18cc680ad
- PhishDestroy: https://phishdestroy.io/domain/kra301.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra301.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra301.cc/
Last updated: 2026-03-26