# kra-30at.cc — MALICIOUS

> kra-30at.cc is a crypto-draining phishing site flagged by 15/95 VirusTotal scanners. Created on Feb 9, 2025, it mimics a legitimate exchange login portal and.

## Summary

kra-30at.cc is a recently activated crypto-draining phishing domain designed to trick users into entering their wallet credentials or private keys under the guise of a legitimate cryptocurrency exchange login portal. The site leverages social engineering tactics by closely mimicking the branding and interface of a well-known exchange, aiming to deceive visitors into unknowingly surrendering their sensitive authentication details. Once harvested, these credentials can be used by attackers to drain funds directly from the victim’s cryptocurrency wallets. This type of attack is particularly dangerous due to the irreversible nature of crypto transactions, leaving victims with little to no recourse after a successful breach. PhishDestroy identifies this as an elevated-risk threat due to its active deployment and the high likelihood of user deception.

This domain was flagged as malicious by 15 out of 95 security vendors on VirusTotal, indicating a substantial risk but not yet universal detection. The domain kra-30at.cc was created on February 09, 2025, and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for hosting a wide range of domains, some of which have been linked to malicious activity in the past. The site resolves to the IP address 104.21.66.252, which is associated with other suspicious domains and has been flagged in multiple threat intelligence feeds. The SSL certificate, issued by Google Trust Services, adds a veneer of legitimacy, further increasing the site’s potential to deceive unsuspecting users.

If you have visited kra-30at.cc, immediately disconnect from the internet to prevent any ongoing data exfiltration and disconnect any connected cryptocurrency wallets or hardware devices. Do not enter any credentials or private keys on the site, as this information may already be compromised. Run a full system scan using reputable antivirus software to detect and remove any potential malware that may have been installed during your visit. Revoke any permissions granted to the site on your wallet or exchange accounts, and consider transferring any remaining funds to a new, secure wallet with updated credentials. Report the domain to PhishDestroy and your local cybercrime unit to help mitigate further attacks. Always verify URLs through trusted sources like PhishDestroy before entering sensitive information online.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-02-09 20:31:21
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.66.252

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/6cfd9115-df6e-4053-96f5-3df97009665d
- PhishDestroy: https://phishdestroy.io/domain/kra-30at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-30at.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra-30at.cc/

Last updated: 2026-03-26