# kra-37-at.com — SUSPICIOUS

> Beware: kra-37-at.com is a crypto-draining scam site impersonating a login portal. 1 of 95 VirusTotal engines flags it.

## Summary
PhishDestroy identifies kra-37-at.com as an active crypto-draining scam designed to steal cryptocurrency wallet credentials and drain digital assets. The site masquerades as a legitimate login interface, tricking users into entering private keys or wallet passwords which are immediately harvested by the attackers. Once credentials are captured, the threat actors initiate rapid transfers to controlled wallets, leaving victims with irreversible losses.  This domain was flagged by PhishDestroy after VirusTotal analysis revealed that only 1 out of 95 security vendors currently detect it, indicating a low initial detection rate that could expose unwary users. The domain kra-37-at.com was created on February 08, 2025, and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for accommodating high-risk registrations. Despite its recent creation, the site already resolves to IP address 104.21.56.207 and holds a valid SSL certificate from Google Trust Services, giving it a false appearance of legitimacy. These technical indicators suggest a well-coordinated campaign targeting cryptocurrency users.  If you visited kra-37-at.com or entered any wallet credentials, disconnect your device from the internet immediately and transfer remaining funds to a newly generated wallet. Revoke any session tokens or connected permissions via your wallet’s security settings. Report the incident to your wallet provider and local cybercrime authorities. Avoid interacting with this domain and always verify URLs using PhishDestroy before entering sensitive information.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-08 00:25:30
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.56.207

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e48c0e53-fcb6-40fd-b103-6b014b7a6400
- PhishDestroy: https://phishdestroy.io/domain/kra-37-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra-37-at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-37-at.com/
Last updated: 2026-03-27