# kra34l.cc — MALICIOUS

> kra34l.cc involved in credential harvesting phishing with 6/95 VT flags. Domain created 2025-06-21. Check the full report for details.

## Summary
PhishDestroy identifies kra34l.cc as an active generic phishing domain engaged specifically in credential harvesting. Although no particular brand impersonation or drainer kit has been confirmed, the domain’s behavior suggests attempts to deceive users into submitting sensitive login information.

Technical indicators reveal that kra34l.cc has a VirusTotal detection rate of 6 out of 95 security vendors, highlighting a noteworthy albeit not overwhelming consensus on its malicious nature. This domain was registered on June 21, 2025, via NICENIC INTERNATIONAL GROUP CO., LIMITED. It resolves to IP address 188.114.96.3 and employs an SSL certificate issued by Google Trust Services, a tactic often used to lend legitimacy to phishing pages. No Google Safe Browsing block status has been specified, though it is currently flagged as active with an elevated risk level.

Currently, kra34l.cc remains active and continues to pose an elevated risk for users susceptible to credential theft. Immediate response actions should include blocking access to the domain on network and endpoint levels, updating phishing detection rules, and educating users about credential harvesting threats. Given 6 security vendors have flagged the domain and its recent creation date, vigilance is crucial to mitigate ongoing risks associated with this phishing threat.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-06-21 07:49:53
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e65c7261-1ad3-4114-896a-eb010d98cd5b
- PhishDestroy: https://phishdestroy.io/domain/kra34l.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra34l.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra34l.cc/
Last updated: 2026-03-26