# at-kra49.cc — MALICIOUS

> at-kra49.cc is a crypto drainer phishing site flagged by 8 of 95 vendors. Users should verify its status on PhishDestroy before interacting.

## Summary
PhishDestroy identifies at-kra49.cc as an active phishing domain specializing in crypto drainer scams. While no specific brand impersonation or drainer kit has been confirmed, the domain's primary threat vector targets cryptocurrency users by attempting to steal credentials or wallet information through fraudulent means.

Technical indicators reveal that at-kra49.cc was created recently on September 17, 2025. It is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolved to the IP address 188.114.96.3 at the time of analysis. VirusTotal reports that 8 out of 95 security vendors flagged this domain as malicious, indicating a significant yet not unanimous detection. The domain holds an SSL certificate issued by Google Trust Services, which may lend it deceptive legitimacy. There is no mention of Google Safe Browsing blacklisting, but the domain is under elevated risk due to the number of vendor detections and its active status.

Currently, at-kra49.cc remains active and classified as elevated risk due to its role in crypto drainer phishing campaigns. Security teams are advised to block access and monitor network traffic for connections to this domain. End users should avoid entering any personal or wallet information on this site and verify its safety status on PhishDestroy before any interaction. Despite partial detection coverage, the presence of an SSL certificate and recent creation date suggest ongoing efforts to exploit users, underscoring the persistent threat this domain poses.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-17 17:52:10
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e3884659-f94d-4a62-a23b-1c1e2edae2e3
- PhishDestroy: https://phishdestroy.io/domain/at-kra49.cc/
- LLM endpoint: https://phishdestroy.io/domain/at-kra49.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/at-kra49.cc/
Last updated: 2026-03-26