# kra31-at.com — MALICIOUS

> PhishDestroy identifies kra31-at.com as an active crypto drainer phishing site. VirusTotal flags 8/95 vendors for crypto theft risks.

## Summary

PhishDestroy identifies kra31-at.com as an active crypto drainer domain posing elevated threat risks to cryptocurrency users. The domain is designed to mimic legitimate services to deceive users into connecting wallets and initiating unauthorized transactions. This threat leverages trust manipulation to facilitate crypto asset theft, making it a critical risk for blockchain users handling digital assets.

This domain was flagged by PhishDestroy with an elevated risk rating due to multiple indicators of compromise. The domain resolves to IP 104.21.37.210 and was registered on November 02, 2024 through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal analysis shows 8 out of 95 security vendors have detected malicious indicators, signaling inconsistent but concerning detection coverage. The domain holds an SSL certificate issued by Google Trust Services, which may lend a false sense of legitimacy to potential victims. Despite its recent creation, the domain has already drawn attention from security communities due to its active involvement in phishing campaigns aimed at cryptocurrency theft.

The primary threat vector involves crypto drainer phishing, where users are tricked into visiting the site and connecting their crypto wallets under false pretenses. Once connected, the site can initiate unauthorized token transfers or drain assets directly. Given the domain’s recent registration and active status, users interacting with this domain risk immediate financial loss.

Mitigation requires immediate avoidance of the domain and any linked URLs. Users should verify domain authenticity via official channels, ensure wallet software is updated, and report the domain to their security teams and platforms such as VirusTotal or local cybercrime units. Blocking the IP 104.21.37.210 at the network perimeter may prevent further exploitation if integrated into existing security controls.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2024-11-02 16:52:28
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.37.210

## Detection Status

- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/dcd1b8fe-941e-4e6e-93be-309013193ab5
- PhishDestroy: https://phishdestroy.io/domain/kra31-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra31-at.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra31-at.com/

Last updated: 2026-03-28