# kra23.net — SUSPICIOUS

> kra23.net is flagged for active crypto drainer phishing, with 4/95 VirusTotal detections. Check the full report to assess the risk and protect your assets.

## Summary
PhishDestroy identifies kra23.net as an active generic phishing domain deployed for crypto drainer scams, leveraging deceptive domain characteristics to impersonate legitimate services and siphon cryptocurrency assets.


This domain resolves to IP 188.114.97.3 and was registered on November 02, 2024 through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal analysis shows 4 out of 95 security vendors flagged this domain for malicious activity, while it utilizes a Google Trust Services SSL certificate to establish false legitimacy. As of the latest assessment, kra23.net remains unlisted on Google Safe Browsing (GSB) and has yet to be widely blacklisted, increasing its potential reach among unsuspecting users engaging in crypto transactions.


kra23.net remains active and poses an elevated risk to cryptocurrency users due to its association with drainer scams. Immediate defensive actions include blocking the domain at the network and endpoint levels using threat intelligence feeds that reference the IP 188.114.97.3. Users are urged to exercise extreme caution when encountering this domain in unsolicited emails, social media promotions, or fake investment platforms. The current risk remains elevated as the domain continues to operate with minimal takedown intervention and leverages HTTPS encryption to bypass basic browser warnings. Proactive monitoring and user education are essential to mitigate exposure to this phishing threat.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-11-02 16:43:40
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/88bda946-c3a7-45c8-897e-201781af6197
- PhishDestroy: https://phishdestroy.io/domain/kra23.net/
- LLM endpoint: https://phishdestroy.io/domain/kra23.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra23.net/
Last updated: 2026-03-28