# kra36at.com — SUSPICIOUS

> kra36at.com is a credential theft site with 0/95 VirusTotal detections posing as a crypto drainer. Avoid entering sensitive data.

## Summary
PhishDestroy identifies kra36at.com as an active credential theft domain designed to harvest login credentials and cryptocurrency wallet access, operating as a crypto drainer under investigation for malicious activity. This domain was flagged with 0 detections out of 95 VirusTotal scans, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on November 03, 2024, and resolves to IP 188.114.97.3. The presence of a Google Trust Services SSL certificate adds superficial legitimacy, though it is frequently exploited in phishing campaigns to deceive users.  The technical indicators for kra36at.com are concerning due to its low detection rate on VirusTotal (0/95), indicating it has yet to be widely recognized by security vendors despite its active status. The domain’s recent creation date, paired with its association with a high-risk IP address (188.114.97.3), suggests a hastily deployed threat infrastructure aimed at evading detection. Additionally, the use of NICENIC INTERNATIONAL GROUP CO., LIMITED as the registrar is notable, as this provider has been linked to numerous malicious domains in the past. The combination of these factors—low scan detection, recent registration, and a suspicious IP—positions kra36at.com as a high-risk credential theft domain.  If you have visited kra36at.com, immediately cease interaction with the site and disconnect any connected cryptocurrency wallets or accounts. Scan your device for malware using reputable antivirus software and revoke any permissions granted to the domain. Report the domain to your local cybersecurity authority or organizations like PhishDestroy, VirusTotal, or Google Safe Browsing to help mitigate further risks. Avoid entering any credentials or sensitive information on this domain, as it is likely designed to capture and exfiltrate data for financial theft or identity fraud.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-11-03 18:34:39
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a2377217-0cb0-4009-8c74-0dc807aa9a73
- PhishDestroy: https://phishdestroy.io/domain/kra36at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra36at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra36at.com/
Last updated: 2026-03-27