# kra34cc.com — MALICIOUS

> kra34cc.com is a fake login portal harvesting credentials. Flagged by 11 of 95 VirusTotal vendors. Check the full report.

## Summary
kra34cc.com is a credential-harvesting domain currently active and engaged in fraudulent login portal operations. This domain is being tracked under the unique seed identifier 33cc50 as part of a structured phishing investigation. The threat actor behind this campaign impersonates a legitimate service to deceive users into submitting sensitive authentication credentials, which are then harvested for malicious purposes. The domain is classified under the generic phishing threat type with an elevated risk level due to its active status and confirmed malicious infrastructure. 


PhishDestroy identifies kra34cc.com as a fraudulent login portal designed to mimic a trusted service, enabling unauthorized credential collection. This domain was flagged by 11 of 95 VirusTotal security vendors, indicating a high likelihood of malicious activity. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP address 104.21.45.6, which has been associated with phishing infrastructure. Additionally, the domain was created on January 19, 2025, and possesses an SSL certificate issued by Google Trust Services, likely to enhance its perceived legitimacy. Despite the SSL certificate, the domain's recent creation date and low trust scores among security vendors underscore its high-risk nature. 


This domain remains active and poses an ongoing threat to users who may encounter it through phishing emails, malicious advertisements, or compromised links. Security researchers and end-users are strongly advised to avoid interacting with kra34cc.com and to report any observed activity to relevant cybersecurity authorities or threat intelligence platforms. Organizations should consider blocking the domain at the network level and updating firewall rules to prevent access. Users who suspect exposure to this domain should immediately change any potentially compromised credentials and enable multi-factor authentication where applicable. Continuous monitoring of this domain is recommended due to its evolving nature and potential for further malicious activities.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-01-19 19:51:12
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.45.6

## Detection Status
- VirusTotal: 11 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/11aeccd6-2116-4826-8d12-afc9e0daa516
- PhishDestroy: https://phishdestroy.io/domain/kra34cc.com/
- LLM endpoint: https://phishdestroy.io/domain/kra34cc.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra34cc.com/
Last updated: 2026-03-27