# kra32-at.cc — MALICIOUS

> kra32-at.cc is a crypto drainer phishing site flagged by 5/95 VirusTotal vendors. This domain mimics Kraken exchange to steal crypto assets.

## Summary

PhishDestroy identifies kra32-at.cc as an active crypto drainer domain propagating credential theft under the guise of Kraken cryptocurrency services. This domain has been classified as elevated risk due to confirmed malicious infrastructure tied to unauthorized fund extraction campaigns targeting unsuspecting users.

Kra32-at.cc was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on November 06, 2024, shortly before the onset of observed malicious activity. This domain resolves to IP address 172.67.134.61 and operates with an SSL certificate issued by Google Trust Services, which enhances its disguise as a legitimate service. According to VirusTotal analysis, 5 out of 95 security vendors currently flag kra32-at.cc as malicious, indicating active detection by reputable threat intelligence systems. The domain's recent creation—within the past month—suggests a campaign designed for rapid deployment and evasion of historical blocklists.

Users are strongly advised to avoid visiting kra32-at.cc and report this domain immediately to their security teams or via abuse channels. Organizations should implement DNS filtering rules to block resolution of this domain. Cybersecurity teams should inspect network traffic for communications with 172.67.134.61 and monitor endpoints for unauthorized cryptocurrency wallet activity. Additionally, users who entered credentials or crypto wallet seeds on this domain should revoke access to compromised accounts and transfer remaining assets to new, secure wallets. Immediate action is crucial to prevent financial loss.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2024-11-06 16:08:55
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.134.61

## Detection Status

- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/b2400ba0-ec24-4f8f-a46a-7b0f0e8fefea
- PhishDestroy: https://phishdestroy.io/domain/kra32-at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra32-at.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra32-at.cc/

Last updated: 2026-03-26