# kra23--at.cc — MALICIOUS

> Caution: kra23--at.cc acts as a crypto credential theft domain; flagged by 16 of 95 VirusTotal vendors. Avoid use immediately.

## Summary

A newly activated cryptocurrency credential theft domain, kra23--at.cc, has been identified as actively engaged in fraudulent activity aimed at digital asset users. The domain has been verified as an active crypto credential theft site. PhishDestroy identifies it as malicious and is currently blocking access. It impersonates a well-known cryptocurrency exchange platform to deceive visitors into entering login credentials, which are then harvested for unauthorized access and fund theft. The domain remains accessible and is currently classified as elevated-risk with active operations.

Security intelligence confirms kra23--at.cc was registered on July 15, 2025, via NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP address 185.226.92.168. The site holds an SSL certificate issued by Let's Encrypt and has been flagged by 16 of 95 VirusTotal vendors. It also appears on two major blocklists, including detection by MetaMask and PhishDestroy, indicating broad consensus on its malicious nature. The domain's recent creation and low trust scores elevate the risk of successful compromise for cryptocurrency holders.

Users are strongly advised to immediately block kra23--at.cc at the network and DNS levels. Never enter credentials or sensitive information on this domain. Verify all URLs manually and use multi-factor authentication (MFA) on cryptocurrency accounts. Organizations should update firewall and endpoint protection rules to include kra23--at.cc and its resolving IP. Report any interactions with this domain to security teams or relevant threat intelligence platforms. Exercise heightened vigilance when accessing cryptocurrency platforms.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
## Domain Intelligence

- Registered: 2025-07-15 15:34:44
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.226.92.168

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
- Lists: ["PhishDestroy", "MetaMask"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/07ab2f6e-fb04-4579-87a4-126b90d33cb0
- PhishDestroy: https://phishdestroy.io/domain/kra23--at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra23--at.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra23--at.cc/

Last updated: 2026-03-26