# kra39at.com — SUSPICIOUS

> Site kra39at.com hosts a crypto-draining phishing page; VirusTotal shows 2 of 95 vendors flagging it (registered Nov 03, 2024).

## Summary
PhishDestroy identifies kra39at.com as an active crypto-draining phishing domain designed to trick visitors into approving malicious wallet transactions that silently transfer their cryptocurrency to attacker-controlled addresses. When loaded, the page mimics a legitimate crypto service login or token swap interface, prompting users to connect their wallets or sign transactions that drain funds instead of executing the promised swap or withdrawal. This type of attack is called a crypto drainer and is one of the fastest-growing threats in Web3, often embedded on malicious ads, fake airdrop sites, or hijacked social-media accounts.  This domain was flagged by PhishDestroy as a crypto drainer on November 03, 2024, the same day it was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. Security vendor scans via VirusTotal indicate that 2 out of 95 engines detect malicious activity associated with kra39at.com. The site resolves to IP address 188.114.97.3 and holds an SSL certificate issued by Google Trust Services, which attackers often use to appear legitimate. Due to the low detection rate, the domain currently carries an elevated risk level, meaning it can evade some automated filters and reach real users.  If you visited kra39at.com, disconnect your wallet immediately and revoke any permissions you may have granted. Never sign wallet transactions from unknown sites, and enable transaction simulation tools or hardware wallet confirmations to block unauthorized transfers. Clear your browser cache and cookies, and consider running a malware scan on your device. Report the domain to your wallet provider and to PhishDestroy to help protect others. Share this warning on social platforms or crypto forums to raise awareness and prevent further victims.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-11-03 18:37:25
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5035c694-5b86-418a-a7a0-6ede5bc08a46
- PhishDestroy: https://phishdestroy.io/domain/kra39at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra39at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra39at.com/
Last updated: 2026-03-27