# kra28cc-at.com — MALICIOUS

> kra28cc-at.com is a crypto drainer credential theft domain with 16/95 VirusTotal detections. Avoid entering wallet details—this domain mimics legitimate crypto.

## Summary

PhishDestroy identifies kra28cc-at.com as an active credential theft domain impersonating cryptocurrency wallet services. This domain employs deceptive tactics to harvest sensitive wallet credentials, posing a direct financial risk to users. The elevated risk level reflects the domain's confirmed malicious behavior, with 16 out of 95 security vendors flagging it on VirusTotal as of the latest analysis.

This domain was flagged with a crypto drainer credential theft signature and exhibits multiple indicators of compromise. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on February 14, 2025, the domain resolves to IP address 104.21.93.138. Despite holding a Google Trust Services SSL certificate, the domain's recent creation date and low trust score among vendors suggest it was likely registered for malicious purposes. The 16/95 VirusTotal detection rate aligns with typical crypto drainer domains, which often evade initial detection due to rapid infrastructure changes.

To mitigate exposure to kra28cc-at.com, users should avoid interacting with any links or websites associated with this domain, especially those requesting cryptocurrency wallet credentials. Security teams should block the domain at the network level and monitor for outbound connections to 104.21.93.138. If credentials or assets have been compromised, users should immediately revoke wallet access, transfer funds to a secure wallet, and report the incident to relevant cryptocurrency platforms. Always verify the authenticity of crypto-related websites through official channels before entering sensitive information.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-02-14 19:21:19
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.93.138

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/da9184b7-167c-452f-b537-8d4a3739e5c8
- PhishDestroy: https://phishdestroy.io/domain/kra28cc-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra28cc-at.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra28cc-at.com/

Last updated: 2026-03-27