# kra-49at.cc — SUSPICIOUS

> PhishDestroy identifies kra-49at.cc as a live credential harvesting phishing site currently active. Flagged by 1 of 95 VirusTotal vendors, view the full report.

## Summary
PhishDestroy has identified the active credential harvesting domain kra-49at.cc associated with unauthorized account access attempts. The domain is currently operational and engaged in phishing activities designed to deceive users into submitting sensitive login credentials. No specific brand impersonation has been confirmed as of this report.  Based on verified intelligence, kra-49at.cc was registered on November 19, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain resolves to IP address 185.226.92.168 and currently shows detection coverage of only 1 out of 95 VirusTotal security vendors, indicating low visibility within threat intelligence platforms. The domain utilizes a valid SSL certificate issued by Let's Encrypt, which may contribute to user trust. The age of the domain (less than a month) combined with a single detection suggests this is a recently deployed threat with potential for rapid expansion if unchecked.  This domain poses an elevated risk due to its active status and minimal detection coverage. Users should avoid interaction and implement immediate defensive measures. Organizations are advised to block the domain kra-49at.cc and the associated IP address 185.226.92.168 at network and DNS levels. Enhanced monitoring for credential stuffing attempts using this domain is recommended. Security teams should also consider submitting the domain to threat intelligence platforms to improve collective detection capabilities. Immediate action is necessary to prevent potential credential compromise through this phishing vector.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-11-19 13:32:02
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.226.92.168

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/22ef17d5-671d-4de3-88c9-dda7b1135a83
- PhishDestroy: https://phishdestroy.io/domain/kra-49at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-49at.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-49at.cc/
Last updated: 2026-03-28