# kra21-at.cc — MALICIOUS

> kra21-at.cc is a crypto drainer posing as a legitimate login portal. Flagged by 9 of 95 VirusTotal vendors, it targets unsuspecting users to steal digital.

## Summary
PhishDestroy identifies kra21-at.cc as an active crypto drainer scam site currently engaged in malicious operations. This domain is configured to impersonate a legitimate login interface, tricking victims into entering cryptocurrency wallet credentials or private keys, which are then harvested for theft. The threat remains live and poses significant risk to users engaging with the site or its infrastructure.  This domain was flagged by 9 of 95 VirusTotal security vendors, indicating widespread recognition of its malicious nature. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, kra21-at.cc resolves to IP address 188.114.97.3 and was created on October 09, 2024. The domain utilizes a Google Trust Services SSL certificate to enhance its appearance of legitimacy. With a current blocklist count of 9 and elevated risk profile, this domain should be treated with extreme caution.  Given the confirmed malicious status of kra21-at.cc, users are strongly advised to avoid interaction with the domain or its associated infrastructure. Organizations should implement network-level blocking for the domain and IP address 188.114.97.3 to prevent accidental exposure. Additionally, users should verify any suspicious domains through PhishDestroy or similar threat intelligence platforms before proceeding with authentication or transactional activities. Continuous monitoring and proactive threat hunting are recommended to detect potential lateral movement or related malicious domains leveraging similar naming conventions.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-10-09 20:27:59
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/27998a64-7096-4f91-9164-2a3949ddcd6b
- PhishDestroy: https://phishdestroy.io/domain/kra21-at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra21-at.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra21-at.cc/
Last updated: 2026-03-28