# kra32-cc.com — MALICIOUS

> PhishDestroy identifies kra32-cc.com as an active crypto drainer phishing domain. 7/95 security vendors flag this site, registered February 08, 2025.

## Summary
PhishDestroy’s automated threat engine has flagged kra32-cc.com as an active crypto drainer domain designed to trick cryptocurrency users into approving malicious transactions that silently drain wallets. The domain mimics legitimate crypto services or exchanges to harvest seed phrases, private keys, or connection approvals, redirecting stolen funds to attacker-controlled addresses under the guise of “verification” or “security updates.”  This domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on February 08, 2025, and currently resolves to IP address 188.114.97.3. According to VirusTotal, it is detected by 7 out of 95 participating security vendors, placing it in the elevated risk category. The SSL certificate is issued by Google Trust Services, which is leveraged to appear legitimate at first glance—an increasingly common tactic to evade browser warnings and gain user trust.  If you visited kra32-cc.com, especially after being redirected or clicking an ad, immediately revoke any wallet connections using tools like WalletConnect or MetaMask’s “Connected Sites” list. Do not sign further transactions or enter seed phrases. Scan your device for malware using reputable antivirus software, rotate all wallet passwords, and consider transferring remaining funds to a newly created wallet with a different seed phrase. Report the domain to your wallet provider and local cybercrime units to help disrupt ongoing campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-08 00:13:20
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8b15c909-5f28-4393-b921-18d9e464d565
- PhishDestroy: https://phishdestroy.io/domain/kra32-cc.com/
- LLM endpoint: https://phishdestroy.io/domain/kra32-cc.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra32-cc.com/
Last updated: 2026-03-27