# kra-31-cc-at.top — SUSPICIOUS

> kra-31-cc-at.top is a live phishing site that steals credit card data, flagged by only 1 of 95 VirusTotal engines.

## Summary
A newly activated phishing domain named kra-31-cc-at.top is actively luring users into entering credit-card details on a malicious payment portal designed to harvest financial data. This site masquerades as a legitimate credit-card payment interface and is already resolving to a suspicious IP address that hosts multiple high-risk domains. Cyber-criminals register short-lived domains like this one to evade detection while they harvest card numbers, expiry dates, and three-digit CVV codes from unsuspecting shoppers, then quickly disappear once security teams catch on.  PhishDestroy’s automated engines identified this domain on June 20, 2025—only days after its creation—confirming its rapid deployment cycle. VirusTotal currently flags it as malicious with a score of 1 out of 95 detection engines, reflecting the challenge of keeping pace with such transient infrastructure. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar often abused for bulletproof hosting services that prolong phishing campaigns. The site also boasts an SSL certificate issued by Google Trust Services, a tactic attackers use to trick visitors into believing the page is secure.  If you accidentally visited kra-31-cc-at.top or entered payment details, immediately contact your card issuer to report the incident and request a new card number. Check recent transactions for unauthorized charges and consider activating two-factor authentication on online banking and payment apps. PhishDestroy recommends scanning your device with an updated antivirus tool to remove any keyloggers or trojans that may have been dropped during the visit. Always verify the exact spelling of payment portals before entering sensitive information and use browser extensions that flag known phishing domains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-06-20 17:55:18
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.61.168

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bbd0b6c4-144e-401c-ad22-7881913e0259
- PhishDestroy: https://phishdestroy.io/domain/kra-31-cc-at.top/
- LLM endpoint: https://phishdestroy.io/domain/kra-31-cc-at.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-31-cc-at.top/
Last updated: 2026-03-29