# at-kra20.cc — MALICIOUS

> Domain at-kra20.cc identified as a crypto drainer phishing campaign. VirusTotal flags 15/95 vendors. Immediate action required to block.

## Summary

PhishDestroy identifies an active crypto drainer campaign linked to domain at-kra20.cc. Initial analysis confirms this domain is weaponized for cryptocurrency theft through fraudulent transaction prompts. The domain impersonates legitimate services to deceive users into connecting wallets and authorizing malicious transfers. No direct association with a specific cryptocurrency brand has been verified at this time, suggesting an opportunistic targeting strategy. Seed: 7bcd70.

Technical indicators reveal consistent malicious infrastructure: the domain was registered on November 6, 2024 through NICENIC INTERNATIONAL GROUP CO., LIMITED. It resolves to IP 188.114.97.3 and holds a valid SSL certificate issued by Google Trust Services, enhancing its deceptive appearance. As of the latest scan, 15 out of 95 VirusTotal security vendors flag this domain as malicious. Google Safe Browsing (GSB) classification remains unverified in public sources. The domain exhibits a high-risk profile due to recent creation in conjunction with active deployment and partial detection evasion. Blocklist coverage is partial with cross-vendor detection at 15.8%, indicating potential exposure to unprotected users.

This domain remains active as of the most recent intelligence update. Current status reflects ongoing threat activity with verified cryptocurrency drainer functionality. Immediate recommended actions include network-level blocking of 188.114.97.3 and domain at-kra20.cc, along with browser security policy enforcement to block the domain via GSB or enterprise blocklists. End users should be advised to avoid interaction and report any encountered wallet drainer prompts. While detection is improving, the domain’s recent registration and active status elevate the residual risk. Continuous monitoring for infrastructure shifts, new subdomains, or certificate changes is advised.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2024-11-06 17:30:06
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/f24c5fe0-097d-47cb-8d30-c7a92db10637
- PhishDestroy: https://phishdestroy.io/domain/at-kra20.cc/
- LLM endpoint: https://phishdestroy.io/domain/at-kra20.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/at-kra20.cc/

Last updated: 2026-03-26