# kra-2-at.cc — SUSPICIOUS

> kra-2-at.cc engages in credential harvesting. This elevated-risk phishing domain was created 4/4/2025. Check the full report.

## Summary

PhishDestroy identifies kra-2-at.cc as an active credential-harvesting domain impersonating a legitimate service to steal user login credentials. The site presents an elevated risk profile due to its recent creation date, minimal security vendor detections, and infrastructure choices aligned with phishing operations.

This domain was flagged with a VirusTotal detection ratio of 1 out of 95 security vendors, indicating limited but present recognition of malicious activity. kra-2-at.cc was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on April 4, 2025, and resolves to IP address 172.67.165.219. Despite using a Google Trust Services SSL certificate, the domain exhibits behavioral patterns consistent with credential harvesting, including recently registered infrastructure and low security coverage.

Users should avoid interacting with kra-2-at.cc due to confirmed credential-harvesting intent. Organizations are advised to block the domain at the network level and monitor DNS queries for 172.67.165.219. If credentials were entered, users should immediately reset passwords on the legitimate service and enable multi-factor authentication. Report the domain to your IT security team and update browser safety filters to include kra-2-at.cc as a known threat. Monitor financial accounts for unauthorized transactions and consider using identity theft protection services. Always verify URLs before entering sensitive information.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-04-04 15:02:30
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.165.219

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/b5c430ea-bc8f-4004-ae48-f880e6e431ea
- PhishDestroy: https://phishdestroy.io/domain/kra-2-at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-2-at.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra-2-at.cc/

Last updated: 2026-03-26