# kra37at.com — MALICIOUS

> kra37at.com is a crypto drainer impersonating Kraken Exchange. Flagged by 6 of 95 VirusTotal vendors. Verify safety on PhishDestroy now.

## Summary
PhishDestroy identifies kra37at.com as an active cryptocurrency drainer posing as a Kraken Exchange interface. This domain exhibits elevated threat indicators typical of sophisticated credential harvesting campaigns targeting digital asset holders. The site remains operational and unresolved, with no takedown measures detected at time of assessment.  This domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on November 03, 2024, resolving to IP address 104.21.44.76. Security analysis reveals this threat has achieved detection by 6 of 95 VirusTotal scanning vendors, indicating partial but insufficient coverage against its malicious payload. The domain operates with a Google Trust Services SSL certificate, potentially enhancing its credibility to unsuspecting visitors. Current threat intelligence suggests this infrastructure may be part of a coordinated campaign rather than isolated malicious activity.  The elevated risk level warrants immediate caution as kra37at.com demonstrates advanced capabilities to exfiltrate cryptocurrency wallet credentials and seed phrases. PhishDestroy recommends users avoid all interactions with this domain and verify any Kraken-related communications through official channels. Security practitioners should consider blocking IP 104.21.44.76 at network perimeters. Continuous monitoring is advised due to the domain's recent registration date and demonstrated evasion of initial detection mechanisms.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-11-03 18:35:37
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.44.76

## Detection Status
- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e4145143-7627-47c7-b965-ec9cf9a23cb9
- PhishDestroy: https://phishdestroy.io/domain/kra37at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra37at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra37at.com/
Last updated: 2026-03-27