# kra49-at.cc — MALICIOUS

> kra49-at.cc is a confirmed crypto drainer posing as a fake login portal. VirusTotal flags 5/95 vendors; avoid this domain and verify on PhishDestroy.

## Summary

PhishDestroy identifies kra49-at.cc as an active crypto drainer domain designed to steal cryptocurrency assets from unsuspecting users. This domain mimics legitimate crypto service login pages, tricking visitors into entering their credentials or wallet information, which are then harvested by threat actors for unauthorized fund transfers. The infrastructure leverages deceptive domain naming to appear authentic, capitalizing on typosquatting techniques to lure victims under the guise of a popular platform.

kra49-at.cc exhibits multiple red flags confirmed by forensic analysis. The domain was registered on April 25, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP address 188.114.96.3. VirusTotal’s detection score stands at 5/95 security vendors, indicating limited but present recognition of malicious activity. Despite hosting a Google Trust Services SSL certificate—which attackers often exploit to appear legitimate—this domain has been flagged by multiple threat intelligence sources. The combination of recent creation, low VT detection, and active infrastructure suggests a rapidly evolving threat with potential to expand.

This domain remains active as of the latest analysis, with no evidence of takedown or remediation. Users are strongly advised to avoid interacting with kra49-at.cc and to report any encounters to PhishDestroy for immediate analysis. The elevated risk level persists due to the domain’s ongoing availability and the absence of proactive blocking by major browsers or registrars. Remaining risk includes continued exploitation by threat actors, potential expansion to related domains, and increased targeting of crypto holders. To mitigate exposure, users should validate URLs manually, use security tools like PhishDestroy, and avoid entering sensitive information on untrusted sites.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-04-25 19:50:03
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0a9742ae-770b-436b-90de-e5a26be0a640
- PhishDestroy: https://phishdestroy.io/domain/kra49-at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra49-at.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra49-at.cc/

Last updated: 2026-03-26