# kra39-cc.com — MALICIOUS

> PhishDestroy identifies kra39-cc.com as a crypto drainer mimicking legitimate services. With 13/95 VirusTotal detections, avoid this domain immediately.

## Summary
PhishDestroy identifies kra39-cc.com as a recently activated crypto drainer designed to trick users into connecting wallets or entering recovery phrases. This domain, registered just days ago on February 08, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, has already been flagged by 13 out of 95 security vendors on VirusTotal, indicating a significant but not yet universal awareness of its malicious nature. The domain resolves to 104.21.29.200 and boasts an SSL certificate from Google Trust Services, tactics often employed to lend false legitimacy to phishing infrastructure.  This domain poses an elevated risk due to its specific focus on cryptocurrency theft, a high-value target for threat actors. The combination of a freshly registered domain, partial but meaningful detection rates, and the use of a reputable SSL certificate suggests a well-crafted attempt to deceive security tools and users alike. The relatively low blocklist count (13/95) may indicate that some automated defenses have yet to catch up with this threat, making manual vigilance critical.  Users who have encountered this domain should avoid interacting with it under any circumstances. If wallet connections were attempted or sensitive data was entered, disconnect the wallet immediately, revoke any unauthorized permissions, and transfer funds to a new wallet if necessary. Report the domain to PhishDestroy and monitor transactions closely for signs of unauthorized activity. Given the domain's recent activation, its threat level could escalate rapidly as more security vendors update their detection signatures.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-08 00:17:36
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.29.200

## Detection Status
- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2a958bce-7055-4052-86cd-404af4a8d110
- PhishDestroy: https://phishdestroy.io/domain/kra39-cc.com/
- LLM endpoint: https://phishdestroy.io/domain/kra39-cc.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra39-cc.com/
Last updated: 2026-03-27