# kra35--at.cc — MALICIOUS

> kra35--at.cc active as credential theft phishing page, flagged by 15/95 VirusTotal engines. Act now to block this domain.

## Summary

PhishDestroy identifies kra35--at.cc as an active credential theft phishing domain masquerading as a legitimate authentication portal. The page uses generic branding to lure victims into submitting login credentials under false pretenses, with no evidence of a crypto drainer kit or of specific brand impersonation beyond opportunistic deception. Visitors are prompted to enter credentials that are likely harvested for unauthorized access to targeted accounts, enabling follow-on attacks such as account takeover or lateral movement within compromised environments.

This domain was flagged by 15 out of 95 VirusTotal security vendors and appears on one public blocklist, OISD. The infrastructure resolves to IP 185.226.92.168, which is associated with hostile hosting activity. The domain was registered on July 16, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and obtained a Let’s Encrypt SSL certificate to enhance its perceived legitimacy. Google Safe Browsing has not yet flagged the domain, which leaves a window of opportunity for threat actors before widespread detection.

As of current analysis, kra35--at.cc remains active and unblocked by major browsers. Immediate containment is advised via DNS and firewall blocking of the domain and associated IP. Users should be alerted to avoid interaction and to verify any suspicious login prompts through official channels. Despite moderate detection coverage, the recent creation date and low blocklist presence suggest elevated risk potential. Organizations are urged to implement strict access controls and monitor for anomalous authentication activity linked to this domain.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-07-16 19:13:04
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.226.92.168

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  Lists: ["OISD"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ada3ee31-061f-42a0-acc8-46a113c042a7
- PhishDestroy: https://phishdestroy.io/domain/kra35--at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra35--at.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra35--at.cc/
Last updated: 2026-03-26