# kra24at.com — MALICIOUS > kra24at.com is a confirmed crypto phishing site mimicking Kraken exchange. 5/95 VirusTotal engines flag this domain linked to IP 104.21.70.229. ## Summary kra24at.com is an active cryptocurrency phishing domain posing an elevated risk to users seeking to access legitimate Kraken exchange services. This domain specifically targets individuals likely attempting to log into their Kraken accounts, harvesting credentials and potentially enabling unauthorized access to cryptocurrency funds. The infrastructure is designed to deceive users through domain similarity and appears to be part of a broader campaign aimed at cryptocurrency theft. kra24at.com was registered on August 16, 2024, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar often exploited for fraudulent domain registrations due to lax verification processes. VirusTotal analysis confirms that 5 out of 95 security vendors have flagged this domain as malicious, indicating emerging but recognized threat activity. The domain resolves to the IP address 104.21.70.229, which is associated with Cloudflare infrastructure, a common hosting provider for phishing sites due to its anonymity protections. Despite the presence of an SSL certificate issued by Google Trust Services, this does not validate the site’s legitimacy, as threat actors frequently exploit trusted certificate authorities to enhance phishing credibility. The combination of a newly registered domain, low detection rates, and use of reputable hosting and SSL services suggests a sophisticated and evolving threat designed to evade early detection. Users should immediately cease any interaction with kra24at.com and avoid entering login credentials or personal information. If credentials were entered, users must change passwords on all accounts using the same or similar passwords and enable two-factor authentication where available. Block the domain at the network level using DNS filtering tools and report the domain to relevant cybersecurity platforms such as PhishTank, Google Safe Browsing, or your organization’s threat intelligence team. Organizations should consider blocking the associated IP address and investigating internal DNS logs for any historical resolution attempts to kra24at.com, as this may indicate prior compromise. Proactive monitoring for similar domains and sharing threat indicators with peers can help prevent further victimization. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2024-08-16 07:46:37 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.70.229 ## Detection Status - VirusTotal: 5 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/757d09d6-03d4-41f9-aed3-876815b57da0 - PhishDestroy: https://phishdestroy.io/domain/kra24at.com/ - LLM endpoint: https://phishdestroy.io/domain/kra24at.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kra24at.com/ Last updated: 2026-03-27