# www-kra-34.cc — MALICIOUS

> Domain www-kra-34.cc is a live crypto credential theft scam flagged by 7 of 95 VirusTotal vendors with SSL via Google Trust Services. Block access immediately.

## Summary

www-kra-34.cc has been confirmed to host a live crypto credential theft scam campaign. As of today this domain remains active and is actively luring victims into surrendering cryptocurrency account details through spoofed login interfaces. Operators are rotating infrastructure rapidly, evidenced by the June 30, 2025 registration date and the use of a Google-issued SSL certificate to establish fraudulent legitimacy.

This domain was flagged by 7 of 95 VirusTotal vendors within hours of becoming resolvable, indicating high confidence in its malicious intent. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IP address 172.67.194.26. Google Trust Services issued the SSL certificate on creation day, suggesting the threat actor is attempting to bypass browser warnings via a trusted CA. The short operational window and low VT detection ratio at time of discovery underscore the need for rapid containment before broader compromise occurs.

Current status remains active at the time of analysis. Immediate defensive actions include:

1. adding www-kra-34.cc and 172.67.194.26 to blocklists at DNS, firewall, and proxy layers;
2. disabling outbound HTTPS connections to the IP via DLP policies;
3. reviewing logs for historical hits pointing to this domain or IP;
4. alerting SOC teams to flag any additional domains registered by NICENIC INTERNATIONAL GROUP CO., LIMITED within the last 72 hours.

Monitor for re-registration after takedown attempts.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-06-30 16:22:35
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.194.26

## Detection Status

- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/f1b95d4f-ff3a-4776-9863-81dfc2caa325
- PhishDestroy: https://phishdestroy.io/domain/www-kra-34.cc/
- LLM endpoint: https://phishdestroy.io/domain/www-kra-34.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/www-kra-34.cc/

Last updated: 2026-03-29