# kra25at.com — MALICIOUS

> kra25at.com is a confirmed bank phishing site flagged by 12 of 95 VirusTotal vendors. Check the full report.

## Summary
PhishDestroy identifies kra25at.com as an active domain engaged in bank credential phishing, currently classified with an elevated risk status. This domain is crafted to mimic official banking login interfaces, tricking users into surrendering sensitive financial credentials. The operation remains live and poses an immediate threat to unwary customers of targeted institutions.

This domain was flagged by 12 of 95 VirusTotal vendors, indicating partial but not universal detection coverage. It resolves to IP 188.114.97.3, was registered on August 16, 2024 via NICENIC INTERNATIONAL GROUP CO., LIMITED, and holds a Google Trust Services SSL certificate. Despite its seemingly legitimate SSL infrastructure, the domain’s short age and high-risk association warrant heightened scrutiny.

Security teams and end users should treat kra25at.com as hostile and block all access immediately. Network defenders are advised to add the domain and its resolved IP to firewall and DNS blocklists. Organizations should also inspect internal DNS logs for recent resolutions to this domain and scan endpoints for signs of credential harvesting. Users who may have entered login details should change passwords immediately and enable multi-factor authentication on all banking accounts. Monitor for follow-on phishing campaigns leveraging stolen credentials.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-08-16 07:47:29
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 12 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f06af2fd-6787-4666-a0a9-fb862f3a2b57
- PhishDestroy: https://phishdestroy.io/domain/kra25at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra25at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra25at.com/
Last updated: 2026-03-27