# kra-21c.cc — MALICIOUS

> kra-21c.cc is a live crypto wallet drainer scam. 5/95 security vendors flag this domain resolving to 104.21.9.247.

## Summary
PhishDestroy identifies active domain kra-21c.cc as a generic phishing host impersonating cryptocurrency wallet login pages to harvest seed phrases and private keys. The infrastructure is provisioned as a drainer kit targeting users of decentralized finance applications, intending to siphon cryptocurrency assets under the guise of wallet authentication. The domain is currently live and resolving to IP 104.21.9.247, indicating active operation with no takedown observed.  This domain was flagged by 5 out of 95 security vendors on VirusTotal, indicating limited early detection. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on April 04, 2025, and is secured with a Google Trust Services SSL certificate suggesting a false appearance of legitimacy. At the time of analysis, kra-21c.cc remains unlisted on major blocklists, increasing exposure to potential victims. The creation date is recent, showing opportunistic deployment consistent with fast-flux or disposable phishing tactics.  Current status is active with elevated risk due to active hosting and lack of widespread blocking. Immediate response includes blacklisting the domain and IP 104.21.9.247 at network and endpoint levels. Users are advised to avoid visiting kra-21c.cc, verify URLs via official sources, and enable multi-factor authentication on wallets. Remaining risk is high for crypto users who may encounter the domain via social engineering or malvertising. Ongoing monitoring is required to track propagation and block propagation vectors.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-04-04 17:38:25
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.9.247

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bd0f5c2f-d2a3-4486-90f0-18a565e68f57
- PhishDestroy: https://phishdestroy.io/domain/kra-21c.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-21c.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-21c.cc/
Last updated: 2026-03-26