# kra--22.cc — SUSPICIOUS

> Domain kra--22.cc poses as a crypto drainer stealing funds via credential theft. PhishDestroy flags it with VirusTotal detecting 1/95 vendors.

## Summary
Domain kra--22.cc has been identified as an active crypto drainer designed to deceive users into transferring cryptocurrency assets under false pretenses. This fraudulent site mimics legitimate cryptocurrency platforms or services to trick users into connecting their digital wallets or entering sensitive credentials. Upon interaction, the domain may execute unauthorized transactions or exfiltrate wallet data through malicious scripts embedded in its pages. Security researchers have confirmed behavioral patterns consistent with crypto drainers, including the rapid transfer of funds to controlled wallet addresses once credentials are exposed. Users who access this domain risk immediate financial loss with no recourse for recovery.  PhishDestroy identifies kra--22.cc as a high-risk threat with conclusive technical indicators. This domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and first observed on April 04, 2025 — a recent creation with minimal legitimacy. VirusTotal reports detection by only 1 out of 95 security vendors, highlighting its evasive nature and low prior exposure. The domain resolves to IP address 188.114.96.3 and is secured with an SSL certificate issued by Google Trust Services, a tactic often used to appear trustworthy. Most critically, it has been blocked by PhishDestroy and appears on one active security blocklist, confirming malicious classification by authoritative sources.  If you have visited kra--22.cc or entered any information on this site, immediately disconnect your wallet from the platform and revoke any unauthorized permissions through your wallet interface. Transfer any remaining assets to a new, secure wallet address not linked to the compromised one. Scan your device for malware using a reputable antivirus tool and change all related passwords, especially those used to access cryptocurrency services. Report the domain to your wallet provider and local cybercrime authorities to aid in investigation and takedown efforts. Stay vigilant: crypto drainers evolve rapidly, and legitimate platforms do not solicit funds through unsolicited links.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-04-04 17:41:49
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b69def90-2486-4fee-adc6-a31f1d106ab3
- PhishDestroy: https://phishdestroy.io/domain/kra--22.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra--22.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra--22.cc/
Last updated: 2026-03-26