# kra32-at.net — SUSPICIOUS

> The domain kra32-at.net is linked to a generic phishing campaign resolving to IP 104.21.14.236, posing as a bank login portal.

## Summary
PhishDestroy identifies kra32-at.net as a generic phishing domain currently under active investigation for potential credential harvesting and banking fraud campaigns. The domain’s rapid registration on May 16, 2025, combined with its operational infrastructure tied to IP 104.21.14.236 and the use of a Google Trust Services SSL certificate, suggests an attempt to appear legitimate while hosting fraudulent login pages. This domain is classified as a generic phishing threat and remains unblocked by current detection systems, warranting immediate scrutiny.  This domain was flagged by 0 of 95 VirusTotal vendors, indicating a lack of widespread detection despite its active status. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP 104.21.14.236. The domain was created on May 16, 2025, and currently shows no presence on major threat intelligence blocklists. Technical indicators include a Google Trust Services SSL certificate, which may be leveraged to bypass naive browser warnings or gain user trust during phishing lures.  The current status of kra32-at.net remains active and under investigation as of seed 4e47d1. PhishDestroy recommends that users avoid interacting with this domain, particularly any prompts for login credentials or personal data entry. Organizations should block kra32-at.net at the network perimeter and update endpoint protection rules to detect and quarantine traffic to this IP and domain. Users who may have entered sensitive information on this domain should immediately reset their passwords on all associated accounts and monitor for signs of credential misuse. This campaign highlights the importance of verifying domain authenticity, using multi-factor authentication, and relying on up-to-date threat intelligence feeds to prevent account takeovers.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-05-16 18:43:21
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.14.236

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ae6ae047-fc4f-43fd-811b-bbefdd1ba3d3
- PhishDestroy: https://phishdestroy.io/domain/kra32-at.net/
- LLM endpoint: https://phishdestroy.io/domain/kra32-at.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra32-at.net/
Last updated: 2026-03-28