# kra-39-at.com — MALICIOUS

> PhishDestroy flags kra-39-at.com as a crypto drainer impersonating Kraken. 10/95 VirusTotal engines detect the threat—verify before you click.

## Summary
PhishDestroy identifies kra-39-at.com as an active crypto-draining phishing domain engineered to steal cryptocurrency from unsuspecting users. The site masquerades as Kraken, a legitimate exchange, luring visitors into connecting crypto wallets and approving fraudulent transactions that drain balances without consent.  This domain was flagged by 10 out of 95 VirusTotal security vendors within hours of creation on 2025-02-08. The domain is registered through NiceNIC International Group and resolves to IP 172.67.164.91 under a Google Trust Services SSL certificate. These indicators place kra-39-at.com on multiple blocklists and heighten risk of financial theft.  If you visited kra-39-at.com, revoke any wallet connections immediately using your wallet’s official interface, scan devices for malware, and report the domain at PhishDestroy to help protect others.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-08 00:25:44
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.164.91

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/489746e0-6ad1-4f71-b945-2de7db0cf67d
- PhishDestroy: https://phishdestroy.io/domain/kra-39-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra-39-at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra-39-at.com/
Last updated: 2026-03-27