# kra-39at.cc — MALICIOUS

> Check if kra-39at.cc is safe. This fraudulent domain mimics legitimate sites to steal login details. VirusTotal flags it 15/95. Check the full report.

## Summary

PhishDestroy identifies kra-39at.cc as an active phishing domain engineered to harvest user credentials under the guise of a legitimate website. This domain employs spoofing techniques to impersonate trusted login portals, tricking victims into entering sensitive information such as usernames, passwords, or financial data. The threat is elevated due to the domain's recent registration and its use of a Let's Encrypt SSL certificate, which may falsely reassure users by displaying a padlock icon in browsers. Analysis confirms this domain resolves to IP address 185.226.92.168 and was created on July 28, 2025, indicating a hastily deployed operation designed to exploit user trust.

The evidence against kra-39at.cc is substantial and quantifiable. VirusTotal analysis reveals that 15 out of 95 participating security vendors have flagged this domain as malicious, underscoring its high-risk nature. This domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for lax oversight, further complicating efforts to trace or block the perpetrators. It has appeared on 1 security blocklist and is actively blocked by the Open Internet Standards and Defense (OISD), a leading threat intelligence network. The combination of a recent registration date, low-cost registration services, and immediate deployment of phishing infrastructure highlights the domain's malicious intent and the urgency of user caution.

If you have visited kra-39at.cc, especially if you entered any personal or login credentials, act immediately to secure your accounts. Start by changing passwords for any accounts where you may have reused credentials, focusing first on email and financial services. Enable multi-factor authentication (MFA) on all critical accounts to add an extra layer of security. Scan your devices for malware using reputable antivirus software, as phishing sites often deploy keyloggers or steal session cookies to maintain persistent access. Report the domain to your browser's phishing warning system or to organizations like Google Safe Browsing. Avoid interacting with this domain or any links associated with it to prevent further exposure. For ongoing protection, consider using a DNS filtering service or security extension that blocks known phishing sites in real time.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-07-28 09:06:25
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.226.92.168

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  Lists: ["OISD"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/f53e809e-c029-4227-ad97-d49a57484037
- PhishDestroy: https://phishdestroy.io/domain/kra-39at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-39at.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra-39at.cc/
Last updated: 2026-03-26