# kra54.at — SUSPICIOUS

> kra54.at is a live phishing domain mimicking legitimate login portals to harvest credentials. Resolves to 104.21.13.129 with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies kra54.at as an active phishing domain registered through Edomains LLC and hosted on IP 104.21.13.129. This domain poses a direct credential theft risk by masquerading as a legitimate service, tricking users into submitting login credentials or sensitive information. The threat actor leverages a Google Trust Services SSL certificate to enhance credibility, making the page appear secure to unsuspecting visitors. The domain has not yet been flagged by security vendors, with 0 detections out of 95 on VirusTotal at the time of analysis. These indicators suggest a recently deployed campaign, likely targeting users unfamiliar with the domain or expecting correspondence from the spoofed entity.  This domain was flagged by PhishDestroy under seed d73843 and is currently under investigation due to its active status and low detection rate. The registrar, Edomains LLC, has been implicated in previous phishing campaigns, though this alone is not conclusive evidence of malicious intent. The domain resolves to a single IP address (104.21.13.129) shared with other suspicious domains, increasing the risk of lateral movement or broader infrastructure compromise. Users should treat any interaction with kra54.at as high-risk, especially if prompted for login credentials, payment details, or personal data.  If you have visited kra54.at, immediately cease any data entry and inspect your device for signs of compromise, such as unauthorized logins or unusual network activity. Do not re-enter credentials or sensitive information on this domain. Report the domain to your IT security team or use tools like PhishDestroy’s browser extension to block further access. If you entered credentials, change passwords immediately and enable multi-factor authentication where possible. Monitor accounts for suspicious activity and consider running a malware scan on your device. Avoid interacting with this domain entirely, as the threat remains active and undetected by most security solutions.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Edomains LLC ( https://nic.at/registrar/728 )
- IP: 104.21.13.129

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5c39cd5f-383f-4b49-b288-6926773443b4
- PhishDestroy: https://phishdestroy.io/domain/kra54.at/
- LLM endpoint: https://phishdestroy.io/domain/kra54.at/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra54.at/
Last updated: 2026-03-22