# kra29at.net — MALICIOUS

> PhishDestroy flags kra29at.net as a fake bank login phishing domain hosted on 188.114.97.3 with a Google Trust Services SSL certificate. Check the full report.

## Summary
PhishDestroy identifies kra29at.net as a recently launched phishing site designed to impersonate a financial institution's login portal, tricking users into surrendering sensitive credentials. The threat emerged on February 08, 2025, and has already been detected by 10 out of 95 VirusTotal security vendors. NICENIC INTERNATIONAL GROUP CO., LIMITED registered the domain, which resolves to IP address 188.114.97.3 and operates under a Google Trust Services SSL certificate—a tactic often used to lend false legitimacy to malicious sites.  Despite its polished appearance, kra29at.net has rapidly gained a presence on blocklists, reflecting the growing recognition of its malicious intent. The domain's short operational history and high-risk indicators, including a low detection-to-flag ratio, underscore the urgency for user vigilance. Security researchers emphasize that domains registered through certain registrars may prioritize rapid turnover over security checks, enabling fraudsters to exploit gaps.  If you visited kra29at.net and entered any information, immediately change passwords for all financial accounts and monitor for unauthorized transactions. Run a full system scan using updated antivirus software, and avoid clicking suspicious links or downloading attachments. Report the domain to your bank or financial service provider and submit a phishing report to organizations like the Anti-Phishing Working Group (APWG) or your local cybercrime unit.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-08 09:54:40
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4ed0772e-ea27-446d-8bc2-bd19f957e6e9
- PhishDestroy: https://phishdestroy.io/domain/kra29at.net/
- LLM endpoint: https://phishdestroy.io/domain/kra29at.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra29at.net/
Last updated: 2026-03-28