# kra045cc.ru — SUSPICIOUS

> kra045cc.ru hosts a crypto drainer posing as a wallet login—blocked by 1/95 scanners. Verify on PhishDestroy before interacting.

## Summary
PhishDestroy identifies kra045cc.ru as an active crypto drainer domain that mimics legitimate wallet login portals to harvest private keys and seed phrases. This domain is designed to trick cryptocurrency users into entering sensitive credentials, which are then used to drain wallets instantly via automated transfers to attacker-controlled addresses. The domain masquerades as a plausible web service using a visually similar interface to popular wallet platforms, potentially luring victims through phishing links in spam emails, social media messages, or fake ads. Analysis confirms this is not a generic phishing attempt but a targeted crypto drainer operation intended for financial exploitation.  This domain was flagged by PhishDestroy on receipt of intelligence indicating elevated risk. VirusTotal shows 1 out of 95 security vendors currently detect the threat. The domain was registered through RU-CENTER-RU on November 17, 2025, making it less than one month old at the time of detection. It resolves to IP address 172.67.218.172, which is associated with Cloudflare infrastructure and previously linked to similar fraudulent activities. The domain utilizes a valid SSL certificate issued by Google Trust Services, adding false legitimacy to the phishing page. Despite low vendor detection, behavioral and content analysis by PhishDestroy confirms malicious intent.  Users who visited kra045cc.ru should immediately assume their cryptocurrency credentials may have been compromised. Do not enter passwords, private keys, or seed phrases on any page hosted by this domain. Disconnect from the internet to prevent unauthorized outgoing connections. Scan all connected devices for malware using reputable antivirus software. Rotate all wallet passwords and enable two-factor authentication where available. For advanced users, consider moving remaining funds to a newly generated wallet with a clean seed phrase. Report the domain to PhishDestroy and your wallet provider immediately to aid in takedown efforts. Monitor wallet activity continuously and revoke any unauthorized approvals to smart contracts or token transfers.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-11-17 06:20:38
- Registrar: RU-CENTER-RU
- IP: 172.67.218.172

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1c14bc67-0709-4b05-8602-1400ac6164e8
- PhishDestroy: https://phishdestroy.io/domain/kra045cc.ru/
- LLM endpoint: https://phishdestroy.io/domain/kra045cc.ru/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra045cc.ru/
Last updated: 2026-03-28