# kra-35-at.com — SUSPICIOUS

> kra-35-at.com hosts a credential harvesting scam with 3 out of 95 VT detections. Check the full report for detailed forensic analysis and safety tips.

## Summary
PhishDestroy identifies kra-35-at.com as an active credential harvesting scam domain designed to collect sensitive user information, such as login credentials. There is no direct association with a known brand or drainer kit at this time, but its intent aligns with typical generic phishing campaigns targeting unsuspecting users with deceptive tactics.

Technical indicators reveal kra-35-at.com was registered recently on February 8, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED. It resolves to IP address 188.114.97.3 and employs a Google Trust Services SSL certificate, potentially to masquerade as a legitimate site. VirusTotal flags this domain as malicious by 3 out of 95 security vendors, indicating emerging but limited detection. The domain is currently active and not yet widely blacklisted, although Google Safe Browsing status is implied as risky.

Currently, kra-35-at.com is an elevated risk phishing threat with active exploitation potential. Users and organizations should exercise caution and avoid interacting with suspicious links related to this domain. Security teams are advised to monitor for new detections, block the IP and domain at perimeter defenses, and educate end-users about credential harvesting risks. Immediate proactive blocking and reporting remain critical to mitigate ongoing risks posed by this emerging scam site.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-08 00:23:56
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/458f01ec-02b0-446c-bcbc-0792691ebb11
- PhishDestroy: https://phishdestroy.io/domain/kra-35-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra-35-at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-35-at.com/
Last updated: 2026-03-27