# at-kra40.cc — MALICIOUS

> at-kra40.cc is a crypto drainer impersonating MetaMask. Blocked by PhishDestroy & MetaMask. Verify on PhishDestroy: d8bcc4

## Summary
PhishDestroy identifies at-kra40.cc as an active crypto drainer impersonating MetaMask login pages. This elevated-risk domain is designed to trick users into connecting their cryptocurrency wallets and drain funds. Security teams should prioritize blocking this domain immediately due to its confirmed malicious intent and recent activity.


This domain was flagged by 14 of 95 VirusTotal security vendors and appears on two security blocklists. It resolves to IP 188.114.96.3 and uses a Google Trust Services SSL certificate. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on September 17, 2025, this domain is a recent addition to the threat landscape, engineered specifically to harvest wallet credentials.


To mitigate risk, users should avoid interacting with at-kra40.cc and verify any MetaMask-related links using PhishDestroy. Block the domain at DNS and firewall levels. Organizations should alert employees about this specific crypto drainer, particularly those handling cryptocurrency transactions. The combination of a new domain, low trust scores, and active blocking by MetaMask underscores the urgency to treat this as a high-priority threat.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-17 17:44:23
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9c9380db-09aa-44bd-b203-1d5fd45d1643
- PhishDestroy: https://phishdestroy.io/domain/at-kra40.cc/
- LLM endpoint: https://phishdestroy.io/domain/at-kra40.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/at-kra40.cc/
Last updated: 2026-03-26