# kra-36i.ru — SUSPICIOUS

> kra-36i.ru is an active crypto drainer impersonating login pages. This domain, registered June 7, 2025, was flagged by 1/95 security vendors.

## Summary
PhishDestroy identifies kra-36i.ru as an active crypto drainer domain designed to impersonate legitimate login interfaces, likely targeting cryptocurrency users. The domain is registered through RU-CENTER-RU and resolves to IP address 188.114.97.3. Technical analysis indicates the threat operates as a generic phishing campaign, leveraging deceptive login pages to harvest credentials or initiate unauthorized transactions.  

This domain was flagged by VirusTotal with a detection score of 1 out of 95 security vendors. The domain was created on June 07, 2025, and utilizes an SSL certificate issued by Google Trust Services, which may enhance its credibility. Despite the low detection rate, the presence of a valid SSL certificate and recent registration date suggest an evolving threat aimed at evading detection. The domain remains unlisted on major blocklists at this time, indicating a newly active campaign.  

As of current analysis, kra-36i.ru remains active with an elevated risk level. Users are advised to avoid interacting with this domain and verify any suspicious links using PhishDestroy’s real-time threat intelligence platform. Immediate blocking of the associated IP (188.114.97.3) and domain is recommended to mitigate potential exposure. While the immediate risk is elevated, proactive monitoring and user vigilance are critical to preventing credential theft or financial loss.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-06-07 20:22:08
- Registrar: RU-CENTER-RU
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ba442c6a-25a1-4e9e-9f53-bd23ca007ff5
- PhishDestroy: https://phishdestroy.io/domain/kra-36i.ru/
- LLM endpoint: https://phishdestroy.io/domain/kra-36i.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-36i.ru/
Last updated: 2026-03-28