# kra9.net — SUSPICIOUS

> kra9.net hosts an active credential theft page mimicking Kraken Exchange, flagged by 3 of 95 VirusTotal vendors. Assess immediately for compromise.

## Summary
PhishDestroy identifies kra9.net as an active credential theft page impersonating Kraken Exchange. The domain is currently operational and engaged in a live phishing campaign targeting user credentials. Threat actors registered this domain on August 16, 2024, via NICENIC INTERNATIONAL GROUP CO., LIMITED, and it resolves to IP 104.21.64.134 with a Google Trust Services SSL certificate.  
This domain was flagged by 3 of 95 VirusTotal security vendors, exhibits a low trust score, and has no established reputation. The registrar and IP allocation suggest an attempt to obscure origin, consistent with adversary infrastructure designed to evade detection. Creation date and SSL issuance occurred within hours of each other, indicating rapid setup for immediate deployment against Kraken users.  
kra9.net remains active as of the latest telemetry. Security teams should block this domain at DNS and network layers, investigate any employee or customer reports of Kraken credential prompts, and mandate password resets for any interaction with suspicious login portals. Continuous monitoring for similar domains and deep inspection of proxy logs are advised to prevent credential compromise. Immediate containment actions reduce risk of lateral movement and financial loss.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-08-16 07:02:55
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.64.134

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f70553d2-c5b6-4378-805d-b4d1d993d433
- PhishDestroy: https://phishdestroy.io/domain/kra9.net/
- LLM endpoint: https://phishdestroy.io/domain/kra9.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kra9.net/
Last updated: 2026-03-28