# kr27b.at — SUSPICIOUS

> kr27b.at is under investigation for phishing risks. Stay cautious and avoid sharing personal info until the domain’s safety is confirmed.

## Summary
PhishDestroy has identified the domain kr27b.at as potentially involved in generic phishing activities. Although definitive classification is pending, this domain is currently under active investigation due to suspicious indicators related to phishing schemes. Users should remain vigilant when interacting with this domain or any communications referencing it.

Technical analysis reveals that kr27b.at is registered through Gransy s.r.o., a registrar known to host a variety of domains, some of which have been linked to malicious behavior. The domain resolves to the IP address 172.67.160.182, which is part of a network often associated with content delivery services but can also be exploited for malicious purposes. Notably, VirusTotal scans show zero detections across all 95 security vendors, indicating that no direct malware or phishing payloads have been identified yet. However, the absence of detections does not guarantee safety, especially given the domain’s recent registration and suspicious usage patterns.

Currently, kr27b.at is flagged as an active threat under investigation, with no conclusive proof of compromise but enough cause for caution. PhishDestroy recommends users avoid engaging with this domain and reports any suspicious activity linked to it. Security teams should monitor the domain for emerging indicators of compromise and update blocklists as necessary to prevent potential phishing attacks.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP 403)

## Domain Intelligence
- Registrar: Gransy s.r.o. ( https://nic.at/registrar/609 )
- IP: 172.67.160.182
- Nameservers: chris.ns.cloudflare.com dee.ns.cloudflare.com

## Detection Status
- VirusTotal: 0 vendors flagged
  Vendors: []
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Screenshot: https://i.ibb.co/8LxfMvxF/32040765d4f0.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/e7937a4e-d926-4109-94d7-c6341b4031e3
- PhishDestroy: https://phishdestroy.io/domain/kr27b.at/
- LLM endpoint: https://phishdestroy.io/domain/kr27b.at/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kr27b.at/
Last updated: 2026-03-19