# at-kra51.cc — MALICIOUS

> at-kra51.cc is a credential harvesting site. 9/95 VirusTotal engines flag it. Check the full report.

## Summary

at-kra51.cc is a recently activated credential-harvesting domain designed to trick visitors into entering usernames and passwords. PhishDestroy identifies this site as an active threat that poses an elevated risk to anyone who accesses it, because its sole purpose is to capture sensitive login details and pass them to attackers. The domain mimics legitimate services to deceive users into surrendering credentials that can then be used for account takeover, financial fraud, or corporate espionage.

This domain was flagged by PhishDestroy after security vendors confirmed malicious activity. VirusTotal analysis shows 9 out of 95 detection engines flagged the site, indicating strong but not universal consensus on its malicious nature. The domain was created on September 17, 2025, which is unusually recent and suggests a hastily deployed campaign. It is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP address 188.114.96.3, which has been linked to similar phishing operations. The domain also holds an SSL certificate from Google Trust Services, a tactic often used to appear legitimate and evade browser warnings.

If you visited at-kra51.cc, assume your credentials may have been compromised. Do not use the same passwords elsewhere. Log in to all accounts that share credentials with the site and enable multi-factor authentication immediately. Scan your device for malware and consider changing passwords from a different network or device. Report the domain to your IT team or security provider and avoid any further interaction with it.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-09-17 17:54:06
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/fe2df702-a9f1-411d-86e2-96076d4dde08
- PhishDestroy: https://phishdestroy.io/domain/at-kra51.cc/
- LLM endpoint: https://phishdestroy.io/domain/at-kra51.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/at-kra51.cc/

Last updated: 2026-03-28