# kra40--at.cc — MALICIOUS

> kra40--at.cc is a credential harvesting domain flagged by 8 of 95 VirusTotal vendors posing as a legitimate service.

## Summary

PhishDestroy identifies kra40--at.cc as an active credential harvesting domain that uses deceptive branding to compromise user credentials. The domain is associated with generic phishing campaigns and remains operational as of July 2025, requiring immediate defensive action from security teams and heightened user awareness.

This domain was flagged by 8 of 95 VirusTotal vendors, indicating significant but not universal detection of its malicious nature. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP address 185.226.92.168. The domain was created on July 27, 2025, and is already listed on one security blocklist, OISD. Its SSL certificate, issued by Let's Encrypt, suggests an attempt to appear legitimate to potential victims. Trust scores remain critically low given its recent creation and rapid flagging across security platforms.

Security teams should immediately block kra40--at.cc at the network perimeter and investigate any internal DNS resolutions or HTTP(S) requests to the associated IP address. Users should be warned against interacting with this domain and directed to report any suspicious communications. Given its active status and low trust scores, proactive blocking and user education are critical to prevent potential credential theft or further phishing propagation. The domain's recent creation and partial detection coverage emphasize the need for continuous monitoring and swift containment.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-07-27 18:20:13
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.226.92.168

## Detection Status

- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit (OISD)

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/6c9bb84f-5ab0-4cf3-b631-04be69fd6edc
- PhishDestroy: https://phishdestroy.io/domain/kra40--at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra40--at.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra40--at.cc/

Last updated: 2026-03-26