# kra-39at.com — MALICIOUS

> Domain kra-39at.com is a credential theft phishing site flagged by 10/95 VirusTotal scanners. Avoid entering personal data. Reported Feb 07, 2025.

## Summary
PhishDestroy identifies kra-39at.com as an active credential theft phishing domain designed to trick users into surrendering login credentials or sensitive information. The site mimics legitimate services to harvest usernames, passwords, and financial details, often redirecting victims to fake login portals or malicious data collection forms. Once harvested, stolen credentials are used for unauthorized account access, financial fraud, or sold on dark web markets. Security researchers have observed this domain being promoted via spoofed emails, social media messages, or deceptive advertisements targeting users under the guise of account verification or service updates.  This domain was flagged by 10 out of 95 VirusTotal security vendors, indicating elevated risk of malicious activity. It was registered on February 07, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP address 104.21.11.6. The site holds a valid SSL certificate issued by Google Trust Services, which may misleadingly suggest legitimacy to non-technical users. Despite its recent creation and limited detection coverage, the domain’s rapid propagation and low barrier to access make it a growing threat to unwary internet users.  If you visited kra-39at.com or entered any information, immediately change passwords for affected accounts and enable two-factor authentication where possible. Scan your device with updated antivirus software to detect any malware or unauthorized access. Report the domain to your email provider or browser security team to help block future access. Avoid clicking on links from unsolicited messages and verify website authenticity by checking URLs and SSL certificates before entering credentials. Stay informed and cautious to prevent falling victim to credential theft operations.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-07 23:44:01
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.11.6

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/99b0d738-a42a-4c50-8060-9077335f6db1
- PhishDestroy: https://phishdestroy.io/domain/kra-39at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra-39at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-39at.com/
Last updated: 2026-03-27