# kra-20at.cc — MALICIOUS

> Beware: kra-20at.cc is a crypto drainer phishing site mimicking legitimate platforms. 12/95 security vendors flag it—verify on PhishDestroy before interacting.

## Summary

PhishDestroy identifies kra-20at.cc as an active crypto drainer phishing domain posing as a legitimate service to steal cryptocurrency from unsuspecting users. This domain resolves to IP 104.21.14.218 and was registered on February 08, 2025 through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain holds a valid SSL certificate issued by Google Trust Services, which may increase its credibility among potential victims.

Evidence supporting this assessment includes its detection by 12 out of 95 security vendors on VirusTotal, indicating widespread suspicion of malicious activity. The recent creation date suggests this is a newly deployed campaign, likely targeting users through social engineering or deceptive links. The combination of a freshly registered domain, valid SSL, and immediate suspicious activity highlights the urgency of detection and mitigation.

Users who visited this domain should immediately disconnect from the internet to prevent potential data or cryptocurrency theft. Scan all devices for malware or unauthorized transactions, especially wallet software. Report any suspicious activities to your cryptocurrency platform and update security measures, including enabling multi-factor authentication. If you suspect exposure to this campaign, verify the legitimacy of any further transactions or communications through official channels before proceeding.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-02-08 19:07:52
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.14.218

## Detection Status

- VirusTotal: 12 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/2200c544-44b8-494f-b313-e1a2a08bd793
- PhishDestroy: https://phishdestroy.io/domain/kra-20at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-20at.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra-20at.cc/

Last updated: 2026-03-26