# kra33-at.com — MALICIOUS

> Security analysis reveals kra33-at.com as an active phishing domain. 9/95 security vendors flag it, creating fake login pages to steal credentials.

## Summary
PhishDestroy identifies kra33-at.com as an active phishing domain masquerading as a legitimate service to harvest user credentials through fake authentication portals. The threat involves generic phishing via a deceptive domain designed to mimic a trusted entity, with a drainer kit likely deployed on the associated IP infrastructure. This attack vector leverages spoofed login pages to trick victims into submitting sensitive information, including passwords and payment details, under false pretenses.  

This domain exhibits multiple red flags validated by independent research. VirusTotal confirms 9/95 security vendors detect malicious activity linked to kra33-at.com, while the domain resolves to IP address 188.114.97.3. The domain was registered on November 02, 2024, through NICENIC INTERNATIONAL GROUP CO., LIMITED, suggesting recent acquisition aligned with malicious intent. Notably, the SSL certificate is issued by Google Trust Services, a tactic often exploited to increase perceived legitimacy and bypass browser warnings despite underlying malicious behavior. Detection coverage remains moderate, indicating evasion techniques may be in play.  

Given the elevated risk rating and high likelihood of user interaction, kra33-at.com currently poses an active threat to unwary visitors. Immediate blocking at DNS and firewall levels is strongly recommended to prevent access. While 9/95 vendors detect this threat, additional monitoring via threat intelligence platforms is advised due to potential variability in signatures. Remaining risk is classified as elevated due to the domain's recent registration, low domain age, and partial SSL validation being leveraged for deception. Users should avoid accessing this domain entirely and report any suspected interactions to security teams for further analysis.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-11-02 16:54:37
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6f5d50c4-c198-4522-9f62-17d579f2a3b1
- PhishDestroy: https://phishdestroy.io/domain/kra33-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra33-at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra33-at.com/
Last updated: 2026-03-27