# kra32cc-kra32-at.top — SUSPICIOUS

> Investigating kra32cc-kra32-at.top for crypto drainer phishing. Flagged by 0 of 95 VirusTotal vendors. Block immediately and report.

## Summary
PhishDestroy identifies the domain kra32cc-kra32-at.top as an active crypto drainer phishing site currently under investigation by fraud detection teams. The domain is not yet flagged by automated security vendors but exhibits high-risk indicators, including a recently registered name and association with cryptocurrency-related fraud campaigns. Threat intelligence suggests this domain may be deployed in social engineering attacks targeting digital asset holders.

This domain resolves to IP address 104.21.27.55 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on June 14, 2025. Despite having a valid SSL certificate issued by Google Trust Services, VirusTotal currently shows 0 detections across 95 security vendors, indicating it has not yet been widely recognized as malicious. The absence of detections suggests either a very recent deployment or evasion tactics by the threat actor. Technical analysis reveals no immediate inclusion on major blocklists, though this may change as additional threat intelligence emerges.

The current status of this domain remains active and under investigation, with no confirmed blocklist inclusion at this time. Organizations and individuals are strongly advised to implement network-level blocking of both the domain kra32cc-kra32-at.top and its associated IP address 104.21.27.55. Users should exercise extreme caution when encountering this domain or any linked cryptocurrency-related communications, verifying all URLs through independent sources. Immediate reporting to cybersecurity teams and relevant threat intelligence platforms is recommended to expedite detection and mitigation efforts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-06-14 20:02:22
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.27.55

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/10d71c58-955e-4b0e-af8d-ff0d96e668f8
- PhishDestroy: https://phishdestroy.io/domain/kra32cc-kra32-at.top/
- LLM endpoint: https://phishdestroy.io/domain/kra32cc-kra32-at.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra32cc-kra32-at.top/
Last updated: 2026-03-29