# www--kra--37--at.ru — SUSPICIOUS

> PhishDestroy identifies www--kra--37--at.ru as an active credential-harvesting site. Google certificate and 2/95 VirusTotal flags. Check the full report.

## Summary
PhishDestroy identifies www--kra--37--at.ru as an elevated-risk credential-harvesting domain currently active in the wild. The site masquerades as a legitimate service to trick users into surrendering login credentials, posing significant risk to account takeover and data exposure. Immediate action is advised for organizations and individuals who may have interacted with this domain.  

This domain was registered through DOMENUS-RU on August 19, 2025, and resolves to 188.114.96.3. Despite using a Google Trust Services SSL certificate—often abused to appear trustworthy—only 2 out of 95 VirusTotal security vendors have flagged it, indicating low initial detection rates. The domain remains unlisted on major blocklists as of this assessment, increasing the likelihood of successful user deception.  

To mitigate credential-harvesting risks, users should avoid interacting with www--kra--37--at.ru and report suspicious login pages immediately. Organizations are advised to inspect outbound traffic for connections to 188.114.96.3 and block the domain at the network perimeter. Enable multi-factor authentication (MFA) across all services and conduct user awareness training on recognizing phishing lures, especially those using legitimate-looking domains and SSL certificates.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-08-19 01:32:02
- Registrar: DOMENUS-RU
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f15c0a62-4b5b-449d-b3d2-ef74459b5f7c
- PhishDestroy: https://phishdestroy.io/domain/www--kra--37--at.ru/
- LLM endpoint: https://phishdestroy.io/domain/www--kra--37--at.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/www--kra--37--at.ru/
Last updated: 2026-03-28