# kra36-m.cc — MALICIOUS

> kra36-m.cc flagged for fake KFC loyalty point phishing — 10 of 95 VirusTotal vendors detected threats. Avoid this site and check the full report now.

## Summary
The domain kra36-m.cc has been identified as active and engaged in a specific type of phishing attack designed to impersonate a well-known loyalty rewards program. This fraudulent scheme attempts to deceive users into entering sensitive credentials or payment details under the guise of claiming or redeeming fake rewards points.  

This domain was flagged by 10 out of 95 VirusTotal security vendors, indicating elevated risk. The domain resolves to the IP address 185.226.92.168 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain was created on July 27, 2025, and currently appears on multiple blocklists. It holds a Let's Encrypt SSL certificate, which may further lend an air of legitimacy to unwary visitors.  

Due to the active status of this phishing site and its use of deception tactics targeting users of a popular rewards program, immediate caution is advised. Users are strongly recommended to avoid interacting with kra36-m.cc and to report any suspicious activity related to this domain. If you suspect exposure to this scam, change passwords for associated accounts and monitor financial transactions closely. Consider using network-level protections such as DNS filtering or ad-blockers with phishing detection to block access to this domain.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-07-27 16:16:41
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.226.92.168

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7a6f3141-ea5b-47a0-a73a-dd6e12af659b
- PhishDestroy: https://phishdestroy.io/domain/kra36-m.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra36-m.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra36-m.cc/
Last updated: 2026-03-26