# kra-32---cc.sbs — SUSPICIOUS

> PhishDestroy identifies kra-32---cc.sbs as an active crypto drainer impersonating Kraken. VirusTotal flags 4/95 vendors. Block access immediately.

## Summary
PhishDestroy identifies kra-32---cc.sbs as an active crypto drainer domain designed to deceive users into connecting malicious wallets. The page mimics legitimate cryptocurrency platforms, specifically targeting victims with promises of fake airdrops or exchange integrations. This domain is part of a broader campaign leveraging impersonation tactics to siphon funds from unsuspecting users.  

Technical analysis reveals this domain was registered on June 27, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP 193.105.134.24. VirusTotal analysis flags the domain with a detection ratio of 4 out of 95 security vendors, indicating limited but present suspicion. No known inclusion in Google Safe Browsing (GSB) or major blocklists was observed at the time of analysis, suggesting a recently deployed or stealthily operated campaign.  

The domain remains active as of the latest intelligence, with no observable takedown actions. Immediate blocking of kra-32---cc.sbs and the associated IP (193.105.134.24) is advised to mitigate exposure. Users should exercise heightened caution when encountering domains with cryptocurrency-related branding, especially those with unconventional naming patterns or recent registrations. Remaining risk is elevated due to the domain's active status and the potential for further obfuscation or expansion of the campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Page title: kra-32---cc.sbs

## Domain Intelligence
- Registered: 2025-06-27 11:08:15
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 193.105.134.24

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/83b1d9ca-c8c5-4fee-83bb-246977059449
- PhishDestroy: https://phishdestroy.io/domain/kra-32---cc.sbs/
- LLM endpoint: https://phishdestroy.io/domain/kra-32---cc.sbs/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-32---cc.sbs/
Last updated: 2026-03-29