# kra31cckra32cc.top — SUSPICIOUS > PhishDestroy identifies kra31cckra32cc.top as an active credential-harvesting site. 2 out of 95 VirusTotal vendors flagged it. Check the full report. ## Summary PhishDestroy’s threat intelligence system has flagged kra31cckra32cc.top as an active credential-harvesting domain engineered to steal login details under the guise of a legitimate service. The page is designed to mimic a familiar login interface—typically that of a major e-commerce or financial platform—tricking visitors into entering their credentials, which are immediately harvested by the attackers. This domain was registered on June 04, 2025, and is currently resolving to IP address 91.236.116.165. The use of a recently registered domain with a deceptive naming convention (repetition of 'kra31cc' and 'kra32cc') is a known tactic to bypass reputation-based defenses. This domain has been assessed with elevated risk and is currently active in the threat landscape. VirusTotal analysis confirms that 2 of 95 participating security vendors have detected malicious activity associated with kra31cckra32cc.top during static and behavioral scanning. The domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for accommodating bulk and short-lived registrations favored by phishing actors. The combination of fresh registration date, low vendor detection rate, and suspicious naming pattern increases the likelihood of successful deception. If you have visited kra31cckra32cc.top or entered any login credentials on the page, immediately change your password on the legitimate site and enable multi-factor authentication (MFA). Scan your device for malware using a reputable antivirus tool, as credential stealers may drop additional payloads. Report the incident to your organization’s security team or your email provider, and avoid interacting with any further communications from this domain. Consider blocking kra31cckra32cc.top and its associated IP (91.236.116.165) at your network perimeter to prevent future access. PhishDestroy continues to monitor this domain and will update classifications as new intelligence emerges. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Page title: kra31cckra32cc.top ## Domain Intelligence - Registered: 2025-06-04 10:12:45 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 91.236.116.165 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/99ba1311-cc16-41d8-bfff-69dca52c847b - PhishDestroy: https://phishdestroy.io/domain/kra31cckra32cc.top/ - LLM endpoint: https://phishdestroy.io/domain/kra31cckra32cc.top/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kra31cckra32cc.top/ Last updated: 2026-03-28