# kra197.cc — SUSPICIOUS

> kra197.cc is a live crypto drainer impersonating Kraken. VT 0/95, registered Aug 04 2025. Avoid immediately and verify on PhishDestroy.

## Summary
PhishDestroy identifies kra197.cc as an active crypto-drainer domain masquerading as the legitimate cryptocurrency exchange Kraken. The site leverages a visually similar brand identity to trick users into connecting wallets and signing malicious transactions that silently drain funds. No publicly documented drainer kit family has been matched yet, so the exact payload remains under forensic analysis.  This domain was registered through Dynadot Inc on August 04 2025 and currently resolves to IP 188.114.96.3. VirusTotal shows 0 out of 95 engines detecting the threat, and the domain holds a valid Let’s Encrypt SSL certificate. Google Safe Browsing has not yet flagged the URL, and public blocklists show zero listings against kra197.cc as of the latest scan. These technical indicators suggest a very young, low-reputation domain actively serving its malicious purpose.  As of today, kra197.cc remains active and is engaged in live credential and wallet harvesting. PhishDestroy has flagged the domain under seed b76830 and is coordinating with hosting providers and registrars for takedown. Users are advised to avoid any interaction with kra197.cc, verify URLs via PhishDestroy before entering credentials or connecting wallets, and report any suspicious transactions immediately. Risk remains HIGH until the domain is fully sinkholed or taken offline.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-08-04 15:02:13
- Registrar: Dynadot Inc
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/da5d7f98-1091-4d4e-a099-f03924b19d20
- PhishDestroy: https://phishdestroy.io/domain/kra197.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra197.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra197.cc/
Last updated: 2026-03-29