# kra27at.cc — MALICIOUS

> kra27at.cc is a crypto drainer impersonating Kraken; 14/95 security vendors flag this domain. Avoid interactions and report immediately.

## Summary
PhishDestroy identifies kra27at.cc as an active crypto drainer posing as a legitimate cryptocurrency service. This domain mimics authentic branding to trick users into connecting wallets or entering credentials, enabling unauthorized fund transfers. Security solutions like MetaMask have already blocked this domain, but the threat remains in circulation due to its recent registration and SSL certification through Google Trust Services.


This domain was flagged by 14 out of 95 VirusTotal security vendors, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on November 03, 2024. It appears on one security blocklist and resolves to IP 104.21.91.51. Its recent creation and partial SSL legitimacy suggest an attempt to evade detection while targeting crypto users during high-activity periods. The combination of low blocklist presence and partial vendor detection indicates this is an emerging but dangerous threat.


Users who visited kra27at.cc should immediately disconnect any connected wallets, revoke any granted permissions via blockchain explorers, and scan their devices for malware. Report the domain to your security provider and avoid similar domains. Enable wallet protection features like transaction simulation and never enter credentials on untrusted sites.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-11-03 18:43:07
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.91.51

## Detection Status
- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3851aeab-a139-4f8e-bb53-db9f342e18ee
- PhishDestroy: https://phishdestroy.io/domain/kra27at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra27at.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra27at.cc/
Last updated: 2026-03-26