# kra32-at.com — MALICIOUS

> PhishDestroy confirms kra32-at.com as an active crypto drainer impersonating Kraken Exchange, flagged by 6/95 VirusTotal vendors.

## Summary
kra32-at.com operates as a crypto drainer designed to trick users into connecting their digital wallets under the false pretense of Kraken Exchange services. Once a victim accesses the site and attempts to log in or connect a wallet, malicious scripts execute to drain tokens directly from connected wallets without requiring private key input. This type of threat is particularly dangerous because it targets users already familiar with legitimate exchanges, lowering their guard against fraudulent pages.  PhishDestroy identifies this domain as a confirmed threat based on multiple data points. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on November 02, 2024, the domain currently resolves to IP 172.67.168.85 and is protected by a Google Trust Services SSL certificate. Independent analysis by VirusTotal shows that 6 out of 95 security vendors have flagged kra32-at.com as malicious, indicating elevated risk across the threat intelligence ecosystem.  If you visited kra32-at.com, disconnect your wallet immediately and revoke any permissions granted to unknown domains using tools like WalletConnect or your wallet’s built-in dApp browser manager. Never reconnect or enter credentials on this site. Report the domain to your wallet provider and the exchange being impersonated (Kraken) to help protect others. Use caution with URLs containing unusual subdomains or atypical top-level domains, as they are common vectors for crypto drainers like this.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-11-02 16:53:26
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.168.85

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/67015212-01ff-4176-81b5-8418cef75e3d
- PhishDestroy: https://phishdestroy.io/domain/kra32-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra32-at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra32-at.com/
Last updated: 2026-03-28