# kra-37-at.cc — SUSPICIOUS

> The domain kra-37-at.cc is a recently launched generic phishing site posing as a legitimate service. Users should avoid entering credentials, as 4 out of 95.

## Summary
The domain kra-37-at.cc has been identified as an active generic phishing site. This domain does not mimic a specific brand but instead employs deceptive tactics to trick users into divulging sensitive information. The absence of a well-known brand association suggests a broad, opportunistic phishing campaign rather than a targeted attack. No specific drainer kit or payload has been publicly attributed to this domain at this time, though its infrastructure aligns with typical phishing operations designed for credential harvesting or malware delivery.


Technical analysis reveals several red flags associated with this domain. PhishDestroy flagged kra-37-at.cc, and it currently resolves to IP address 188.114.97.3. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on February 09, 2025, making it a recently established threat. It holds a valid SSL certificate issued by Google Trust Services, likely to appear legitimate to unsuspecting users. Despite this, 4 out of 95 security vendors on VirusTotal have flagged the domain as malicious, and it has been listed on 1 security blocklist. These indicators collectively suggest a high-risk threat with active evasion techniques.


As of the latest assessment, kra-37-at.cc remains active and poses an elevated risk to users. Immediate actions include blocking the domain at the network and endpoint levels, and users should avoid accessing the site entirely. Security teams are advised to monitor for any evolution in the domain’s infrastructure or payload delivery methods. While the current risk is elevated, proactive blocking and user awareness remain critical to mitigating potential damage. The combination of recent registration, low vendor detection rate, and active SSL certificate highlights the need for continued vigilance as this threat may escalate or adapt in the near future.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-09 20:25:58
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bf3d15e8-ebb3-4b4c-b557-6f9087ad4f1e
- PhishDestroy: https://phishdestroy.io/domain/kra-37-at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-37-at.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-37-at.cc/
Last updated: 2026-03-26