# kra41cc.com — MALICIOUS

> kra41cc.com is linked to credential theft with 5 of 95 VirusTotal vendors flagging it. Avoid sharing personal data on this site.

## Summary
The domain kra41cc.com has been identified as involved in credential theft, a specific form of phishing aimed at stealing user login information. The domain is currently active and poses an elevated risk to users attempting to access or interact with it. No direct brand impersonation has been observed, but the threat nature is focused on harvesting sensitive credentials.

According to available intelligence, kra41cc.com was registered recently on February 8, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED. It employs a Let's Encrypt SSL certificate and resolves to the IP address 104.21.86.66. VirusTotal analysis shows that 5 out of 95 security vendors have flagged the domain as malicious. Additionally, the domain appears on one security blocklist and is specifically blocked by MetaMask, indicating its connection to crypto-related threat activity. These indicators collectively reflect a concerning trust score and highlight its elevated threat level.

Given that kra41cc.com remains active and flagged by multiple security entities, users are strongly advised to avoid visiting this domain or submitting any personal or login information. Security professionals should consider adding kra41cc.com to internal blocklists and monitor related traffic for potential credential theft attempts. Continuous vigilance and updating of security tools to recognize this domain will help mitigate the risk posed by this credential theft operation.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-08 00:07:37
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.86.66

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/daf06dc4-b38e-4abc-9d33-63599c7c048b
- PhishDestroy: https://phishdestroy.io/domain/kra41cc.com/
- LLM endpoint: https://phishdestroy.io/domain/kra41cc.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra41cc.com/
Last updated: 2026-03-27