# kra30.net — MALICIOUS

> kra30.net flagged as crypto wallet drainer site, 9/95 VirusTotal detections, full forensic report available here.

## Summary

PhishDestroy identifies kra30.net as an active crypto wallet drainer domain engineered for cryptocurrency theft. This malicious site poses as a legitimate crypto service to trick users into approving fraudulent wallet transactions that drain funds directly into attacker-controlled wallets. The strain employs a sophisticated drainer kit that manipulates wallet-connect approvals to authorize suspicious token transfers without user awareness. No legitimate brand appears to be impersonated, indicating the threat actor developed this kit from scratch to maximize anonymity and avoid brand-based detection flags.

This domain exhibits multiple red flags confirmed by forensic analysis. kra30.net currently resolves to IP 104.21.30.30 and was registered on November 03, 2024 through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal reports 9 out of 95 security vendors now flag the domain, while Google Safe Browsing has not yet assigned a classification status. The SSL certificate issued by Google Trust Services lends the site an appearance of legitimacy, giving users a false sense of security before the drainer kit executes its payload.

The site remains active and dangerous despite partial detection by security vendors. Users should immediately block kra30.net at the network level and avoid any interaction with the domain. Blocking the resolved IP 104.21.30.30 at firewalls or hosts files prevents accidental access. Since the domain is newly registered, future blocklists may take 24-48 hours to propagate, leaving a narrow window for infections. The elevated risk stems from the drainer kit’s ability to bypass wallet security prompts, making this threat particularly hazardous for cryptocurrency users engaging with unknown web3 services.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
## Domain Intelligence

- Registered: 2024-11-03 18:56:30
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.30.30

## Detection Status

- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/bbd55f5d-dd09-4d51-ae6b-97fe4ffdb69e
- PhishDestroy: https://phishdestroy.io/domain/kra30.net/
- LLM endpoint: https://phishdestroy.io/domain/kra30.net/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra30.net/

Last updated: 2026-03-28