# kraa21-cc.com — MALICIOUS

> kraa21-cc.com is a credential harvesting domain impersonating a cryptocurrency exchange, flagged by 20 of 95 VirusTotal vendors.

## Summary

PhishDestroy identifies kraa21-cc.com as an active credential harvesting domain currently posing an elevated risk to users. This domain is not associated with any legitimate cryptocurrency exchange and has been confirmed to engage in fraudulent activities aimed at stealing user credentials and sensitive financial information.

This domain was flagged by 20 of 95 VirusTotal security vendors, indicating significant malicious activity. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolves to IP address 185.226.92.168, and was created on April 05, 2025. The domain utilizes a Let's Encrypt SSL certificate to appear legitimate, further increasing its deceptive potential. PhishDestroy confirms that kraa21-cc.com has not been widely blocked by major threat intelligence platforms at this time, leaving users vulnerable to potential exposure.

PhishDestroy assesses the current status of kraa21-cc.com as active and dangerous, with a high likelihood of continued malicious operations. Users are strongly advised to avoid accessing this domain under any circumstances and to report it to their security teams or relevant authorities. Organizations should consider blocking IP address 185.226.92.168 and the domain itself at the network level to prevent potential compromise. If any user has interacted with this domain, immediate password changes and monitoring for unauthorized transactions are strongly recommended. Additionally, users should verify the legitimacy of any cryptocurrency exchange platform by cross-referencing official domains and using multi-factor authentication wherever possible.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-04-05 12:27:53
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.226.92.168

## Detection Status

- VirusTotal: 20 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0b9d7ef9-4b5b-417a-8a4d-81571c2602d7
- PhishDestroy: https://phishdestroy.io/domain/kraa21-cc.com/
- LLM endpoint: https://phishdestroy.io/domain/kraa21-cc.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kraa21-cc.com/

Last updated: 2026-03-27