# krak20.com — MALICIOUS

> krak20.com hosts a fake login page. VirusTotal flags this domain with 9/95 detections. Check the full report.

## Summary
PhishDestroy identifies krak20.com as an active fake login page phishing domain targeting unsuspecting users. Registered on November 20, 2025, the domain leverages a Let’s Encrypt SSL certificate to appear legitimate while harvesting credentials. No specific brand or drainer kit has been detected in this campaign, suggesting a generic but effective approach to luring victims to a counterfeit login interface.


Technical indicators confirm elevated risk: VirusTotal reports a detection score of 9/95 security vendors, while the domain is blocked by OISD and appears on 1 security blocklist. Registered through Virtualia LLC, krak20.com resolves to IP 103.224.212.201 and has been flagged by Google Safe Browsing (GSB). These factors combine to create a high-risk phishing environment designed to deceive users seeking secure access.


The domain remains active and poses a persistent threat to users who may encounter it. PhishDestroy continues to monitor krak20.com, and security teams are advised to block the domain and IP address immediately. While this domain is flagged by multiple security vendors, users are urged to remain vigilant, verify URLs before entering credentials, and avoid interacting with suspicious login pages. The remaining risk is elevated due to the domain's recent creation and active status.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-11-20 19:34:18
- Registrar: Virtualia LLC
- IP: 103.224.212.201

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["OISD"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d38737fe-b31b-4588-8082-08d054fd3956
- PhishDestroy: https://phishdestroy.io/domain/krak20.com/
- LLM endpoint: https://phishdestroy.io/domain/krak20.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krak20.com/
Last updated: 2026-03-29