# kra-35.cc — MALICIOUS

> PhishDestroy identifies kra-35.cc as a crypto drainer site with 8/95 VirusTotal detections. This domain mimics Kraken Exchange to steal cryptocurrency.

## Summary
PhishDestroy has identified kra-35.cc as an active crypto drainer impersonating the Kraken Exchange platform. This domain is designed to trick users into connecting compromised cryptocurrency wallets, enabling unauthorized transfers of digital assets without consent. Security teams observed that kra-35.cc resolves to IP address 188.114.97.3 and is flagged by 8 out of 95 VirusTotal security vendors, indicating elevated risk. The domain was registered on November 06, 2024 through NICENIC INTERNATIONAL GROUP CO., LIMITED and holds a valid SSL certificate issued by Google Trust Services.  

This domain was flagged as a threat based on multiple indicators of malicious intent. VirusTotal shows 8/95 vendors flagging kra-35.cc, suggesting substantial but not universal detection. The registrar, NICENIC INTERNATIONAL GROUP CO., LIMITED, has been associated with numerous low-cost, high-risk domain registrations. Creation date analysis indicates this domain was registered very recently, aligning with active phishing campaigns targeting cryptocurrency users. The presence of a valid SSL certificate may enhance the appearance of legitimacy, deceiving users who rely on HTTPS indicators.  

If you visited kra-35.cc or entered any information, immediately disconnect any connected wallets and revoke permissions through your wallet provider’s interface. Do not interact further with this domain or any linked pages. Report the domain to your IT security team and consider blocking it at the network level. Monitor wallet transactions closely for unauthorized activity and update your threat intelligence feeds with this indicator. Users should rely on verified domain sources and enable multi-factor authentication on all cryptocurrency platforms.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-11-06 15:52:02
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/485f3fb2-2e8a-461c-b761-1d3356a74c88
- PhishDestroy: https://phishdestroy.io/domain/kra-35.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-35.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-35.cc/
Last updated: 2026-03-26