# at-kra36.cc — SUSPICIOUS

> PhishDestroy identifies at-kra36.cc as a generic phishing site created Jan 23, 2025. Avoid this elevated-risk domain. Immediately block this domain.

## Summary
PhishDestroy has identified at-kra36.cc as an active generic phishing site. This domain presents an elevated risk to users, as it is designed to steal credentials or sensitive information through deceptive means. No specific brand or drainer kit has been identified at this time, indicating a potentially broad or still-developing phishing campaign.  

Technical indicators for at-kra36.cc reveal that VirusTotal reports a score of 4/95, meaning four security vendors have flagged the domain as malicious. The domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. It resolves to IP address 172.67.204.56 and was created on January 23, 2025. The SSL certificate is provided by Google Trust Services. There is no current Google Safe Browsing (GSB) status available, and no blocklist count beyond VirusTotal.  

The domain at-kra36.cc is currently active and poses an elevated phishing risk. Immediate response actions include blocking the domain at the network level and educating users about the potential threat. Users should be advised to avoid interacting with any content or links associated with this domain. Given the active status, continuous monitoring is crucial to detect any changes in its behavior or associated campaigns. The remaining risk is considered elevated due to the confirmed phishing nature and active status.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-01-23 21:00:48
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.204.56

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/dbd0f98e-fa5e-4027-9d49-a5bd8828b429
- PhishDestroy: https://phishdestroy.io/domain/at-kra36.cc/
- LLM endpoint: https://phishdestroy.io/domain/at-kra36.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/at-kra36.cc/
Last updated: 2026-03-26