# kra38--at.cc — MALICIOUS

> kra38--at.cc is a crypto drainer phishing site flagged by 16/95 VirusTotal engines. Avoid this domain to prevent cryptocurrency theft.

## Summary

PhishDestroy identifies kra38--at.cc as an active crypto drainer phishing domain impersonating legitimate cryptocurrency platforms to steal digital assets. This domain employs deceptive tactics, including mimicking trusted exchange interfaces, to trick users into connecting their wallets and authorizing fraudulent transactions. The threat actor behind this operation uses a drainer kit designed to siphon cryptocurrency from victims' wallets upon interaction, posing significant financial risk to unsuspecting users.

This domain was flagged by 16 out of 95 VirusTotal security vendors, indicating elevated malicious activity. It resolves to IP address 185.226.92.168 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain was created on July 28, 2025, and utilizes an SSL certificate issued to imuslab.com, suggesting a spoofed or compromised certificate. As of the latest assessment, kra38--at.cc remains unblocked by Google Safe Browsing (GSB) and has not been widely added to major blocklists, increasing exposure to potential victims.

The current status of kra38--at.cc is active, with no confirmed takedown actions observed. Users are strongly advised to block this domain at the network and endpoint levels, avoid any interactions with the site, and report suspicious activity to their security teams or relevant cryptocurrency platform providers. Remaining risk is elevated due to the domain's recent creation, low blocklist coverage, and the active nature of crypto drainer operations. Immediate mitigation is critical to prevent further financial losses.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-07-28 09:06:33
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.226.92.168

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/7cacf77e-42ba-41c6-8857-0e7877e66c2f
- PhishDestroy: https://phishdestroy.io/domain/kra38--at.cc/
- LLM endpoint: https://phishdestroy.io/domain/kra38--at.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra38--at.cc/

Last updated: 2026-03-26