# kra40-at.cc — MALICIOUS

> kra40-at.cc is a crypto drainer site flagged by 13 of 95 VirusTotal vendors. Avoid fake Kraken login pages and verify domains on PhishDestroy.

## Summary
PhishDestroy identifies kra40-at.cc as an active crypto drainer domain currently impersonating the Kraken cryptocurrency exchange.

This domain was flagged by 13 of 95 VirusTotal security vendors, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain resolves to IP address 104.21.84.8, was created on January 19, 2025, and currently holds a Google Trust Services SSL certificate. With a blocklist presence across multiple threat intelligence feeds and low trust scores across detection engines, kra40-at.cc represents an elevated risk to cryptocurrency users seeking legitimate Kraken services.

Given the domain's active status, specific targeting of Kraken users through brand impersonation, and confirmed malicious infrastructure, immediate action is required. Users should avoid accessing this domain under any circumstances. Organizations are advised to implement network-level blocking of the domain and associated IP address (104.21.84.8). Security teams should update firewall rules, DNS sinkholes, and endpoint detection signatures to include kra40-at.cc and its infrastructure indicators. Continuous monitoring for similar domains registered through NICENIC INTERNATIONAL GROUP CO., LIMITED is strongly recommended due to the registrar's association with malicious infrastructure. All cryptocurrency users should verify URLs through PhishDestroy before entering credentials or transferring funds.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-01-19 19:45:52
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.84.8

## Detection Status
- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bc231f7c-6077-4c90-a88b-0cd8d0166cfb
- PhishDestroy: https://phishdestroy.io/domain/kra40-at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra40-at.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra40-at.cc/
Last updated: 2026-03-26