# kraa23-at.com — SUSPICIOUS

> kraa23-at.com is a credential-harvesting site active since April 24, 2025. It evades 0/95 VirusTotal detections while posing as a login portal.

## Summary
PhishDestroy identifies kraa23-at.com as a credential-harvesting domain actively tricking users into surrendering login credentials under the guise of a legitimate service.


This domain was flagged by PhishDestroy after it appeared on one security blocklist and was registered on April 24, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal currently shows 0 detections despite its malicious activity, and it resolves to IP 185.226.92.168 using a Let’s Encrypt SSL certificate to appear trustworthy.


If you visited kraa23-at.com, do not enter any usernames, passwords, or payment details. Close the tab immediately and run a malware scan on your device. Avoid clicking any links from emails or messages claiming to be from kraa23-at.com. Report the domain to your email provider or security software to help block future attempts. Monitor your accounts for unusual activity and consider enabling two-factor authentication where possible.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-04-24 21:22:52
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.226.92.168

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/dc90f49f-c234-4e0b-b0a6-56f5da39736a
- PhishDestroy: https://phishdestroy.io/domain/kraa23-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kraa23-at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kraa23-at.com/
Last updated: 2026-03-27