# kra48-at.com — SUSPICIOUS

> PhishDestroy identifies kra48-at.com as a crypto drainer phishing site with 3/95 VirusTotal detections, active since Feb 2025. Do NOT connect wallets.

## Summary
PhishDestroy identifies kra48-at.com as an elevated-risk crypto drainer scam designed to steal cryptocurrency from unsuspecting users. When victims connect their digital wallets to this fraudulent site, malicious smart contracts silently drain tokens and transfer them to attacker-controlled addresses without permission. The domain mimics legitimate crypto platforms by hosting fake trading interfaces or giveaway promotions that appear authentic at first glance, but are engineered to exploit wallet connection approvals.  This domain was flagged with high confidence based on multiple security indicators: VirusTotal shows 3 of 95 vendors detected the threat, the domain was registered on February 8, 2025, and it resolves to IP 104.21.79.15 through NICENIC INTERNATIONAL GROUP CO., LIMITED. SSL certificate validation via Google Trust Services does not indicate legitimacy, as threat actors increasingly obtain valid certificates to appear trustworthy. The combination of a newly created domain, low detection rate, and active campaign status elevates the risk profile.  If you visited kra48-at.com, immediately disconnect your wallet, revoke any suspicious approvals via tools like revoke.cash or your wallet’s built-in interface, and transfer remaining funds to a clean wallet. Do NOT reconnect to unknown sites. Report the domain to your wallet provider and file a complaint with local cybercrime units. Monitor transaction history for unauthorized outflows and consider rotating wallet addresses. Never approve contract interactions from untrusted domains to prevent unauthorized asset transfers.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-02-08 00:01:31
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.79.15

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/96547342-a589-491b-86d2-3dedd79d84eb
- PhishDestroy: https://phishdestroy.io/domain/kra48-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kra48-at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra48-at.com/
Last updated: 2026-03-27