# kra-38-cc.com — MALICIOUS

> kra-38-cc.com is a credential theft phishing site mimicking Kraken Exchange. Flagged by 7/95 VirusTotal vendors, this domain was created 02/08/2025.

## Summary

PhishDestroy identifies kra-38-cc.com as an active credential theft domain impersonating Kraken Exchange, a prominent cryptocurrency platform. This site is engineered to harvest login credentials and session tokens under the guise of a legitimate exchange interface, targeting users who may unknowingly input their sensitive information. The threat actor leverages deceptive domain similarity and a spoofed SSL certificate from Google Trust Services to establish false legitimacy, increasing the likelihood of successful credential capture.

This domain was flagged by 7 out of 95 security vendors on VirusTotal, indicating partial but not universal detection coverage. It was registered on February 08, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP address 188.114.96.3. The combination of a recent registration date, low vendor detection rate, and trusted SSL issuer suggests a well-designed but still emerging threat that has yet to be fully neutralized by security layers.

Users who have visited this domain should immediately reset their Kraken Exchange account passwords using a secure, isolated device. Enable two-factor authentication if not already configured, and review account activity for any unauthorized transactions. Consider revoking any API keys or session tokens that may have been exposed. Report suspicious activity to Kraken Exchange security and update your password manager entries to reflect the compromise. Organizations are advised to block kra-38-cc.com and 188.114.96.3 at the network perimeter to prevent further exposure.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-02-08 00:40:44
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/5cc8b96c-ce0c-4bf9-8f31-0158e3a60bd2
- PhishDestroy: https://phishdestroy.io/domain/kra-38-cc.com/
- LLM endpoint: https://phishdestroy.io/domain/kra-38-cc.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra-38-cc.com/

Last updated: 2026-03-27