# kra-b17.cc — SUSPICIOUS

> kra-b17.cc is a newly registered phishing domain (Dec 2025) impersonating a crypto drainer. Resolves to 172.67.211.154 with 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies kra-b17.cc as an active crypto drainer phishing domain under investigation. The domain is engineered to mimic legitimate crypto service interfaces, tricking users into authorizing fraudulent transaction approvals. No affiliation with any known cryptocurrency brand or service has been established, indicating a likely opportunistic campaign leveraging generic branding to ensnare victims. The infrastructure exhibits high-risk characteristics typical of drainer toolkits, including deceptive SSL certificates and rapid domain registration designed for short-lived operations.

This domain resolves to IP address 172.67.211.154 and employs a Google Trust Services SSL certificate for added authenticity. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on December 12, 2025, marking it as a recent creation with minimal operational history. VirusTotal currently shows 0 detections across 95 engines, reflecting an undetected threat profile. As of this analysis, kra-b17.cc remains unlisted on major blocklists, suggesting it has evaded prior detection mechanisms.

As of the latest assessment, kra-b17.cc is classified as an active phishing resource with an undetermined risk level pending further investigation. Immediate containment measures include network-level blocking of the associated IP and domain. Users are advised to avoid interactions with this domain and report any suspicious activities involving crypto transactions. The absence of detections underscores the need for proactive monitoring, as this domain may escalate into a widespread threat if left unchecked.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-12-12 04:52:20
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.211.154

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/39573921-71c6-46ff-926a-d87fbf36c114
- PhishDestroy: https://phishdestroy.io/domain/kra-b17.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra-b17.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra-b17.cc/

Last updated: 2026-03-28