# kra----34----cc.sbs — MALICIOUS

> PhishDestroy identifies kra----34----cc.sbs as an active crypto drainer kit posing as Kraken exchange. VirusTotal flags this domain with 7/95 detections.

## Summary

PhishDestroy identifies kra----34----cc.sbs as an active crypto drainer kit impersonating the Kraken cryptocurrency exchange platform. The domain leverages spoofed branding to trick victims into connecting cryptocurrency wallets and transferring funds to attacker-controlled addresses. This operation is consistent with modern drainer-as-a-service (DaaS) models, where threat actors deploy pre-built phishing kits to harvest private keys, seed phrases, and transaction approvals from unwitting users. The kit likely includes fake deposit pages, wallet connection prompts, and transaction simulation interfaces designed to deceive even security-conscious users.

This domain was flagged by 7 out of 95 VirusTotal security vendors and registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on June 30, 2025. It resolves to IP address 193.105.134.22 and uses an SSL certificate issued to 'Internet Widgits Pty Ltd.' The domain has not been categorized as a known malicious site in Google Safe Browsing (GSB) as of this analysis, though this may change as reporting increases. The combination of a newly registered domain, low but persistent detection ratio, and recent creation date suggests early-stage deployment with potential for rapid expansion if not contained.

The campaign is currently active and presents elevated risk due to its use of legitimate-looking infrastructure and cryptocurrency branding. Immediate action is required: users should block kra----34----cc.sbs at DNS and firewall levels and avoid accessing the site under any circumstances. Organizations are advised to update threat intelligence feeds to include this domain and IP using seed b77709 for tracking consistency. Remaining risk includes potential domain rotation, IP reuse, or expansion to similar drainer kits. Continuous monitoring and proactive blocking are essential to prevent wallet compromise and fund loss. The threat level remains elevated pending further takedown action or a successful takedown.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Page title: kra----34----cc.sbs

## Domain Intelligence

- Registered: 2025-06-30 02:10:56
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 193.105.134.22

## Detection Status

- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a9dc2ef5-6d4a-42b6-85f5-d6d5c29ce788
- PhishDestroy: https://phishdestroy.io/domain/kra----34----cc.sbs/
- LLM endpoint: https://phishdestroy.io/domain/kra----34----cc.sbs/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra----34----cc.sbs/

Last updated: 2026-03-29