# kraroulette.cc — MALICIOUS

> kraroulette.cc engages in credential theft via a fake crypto roulette platform. Flagged by 13/95 security vendors, it mimics popular brands to harvest user.

## Summary

PhishDestroy identifies kraroulette.cc as an active credential theft domain designed to impersonate legitimate crypto gaming platforms. The domain leverages a deceptive interface resembling a roulette-style gambling site to trick users into entering login credentials and cryptocurrency wallet information, which are then exfiltrated to attacker-controlled servers. Security researchers have observed this infrastructure being used in widespread phishing campaigns targeting cryptocurrency enthusiasts, with evidence suggesting a focus on users of major platforms. The domain does not appear to utilize a known drainer kit such as Angel Drainer or Inferno Drainer, indicating it may employ custom harvesting scripts instead.

Technical analysis of kraroulette.cc reveals elevated risk indicators across multiple dimensions. The domain resolves to IP address 188.114.97.3 and was registered on July 15, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED. It holds a valid SSL certificate issued by Google Trust Services, likely used to enhance credibility and bypass browser warnings. VirusTotal currently flags the domain with a detection score of 13/95 security vendors as of the latest scan, indicating partial visibility but incomplete blocklisting. The domain is not currently flagged by Google Safe Browsing (GSB) and shows no presence on major threat intelligence platforms such as PhishTank or OpenPhish at the time of writing.

Despite partial detection, kraroulette.cc remains active and poses a significant risk to users engaging with crypto-related services. The domain’s recent creation date and partial detection rate suggest it may expand operations or evade blocking as awareness increases.
Users are advised to avoid interacting with this domain and report it via their browser’s phishing reporting tool. Organizations are recommended to block both the domain and IP address at the network level. While current risk is elevated due to active status and low complete blocklisting, proactive mitigation can prevent credential compromise. Remaining risk includes potential escalation into broader phishing campaigns targeting similar services.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-07-15 07:39:31
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/59fb039d-8d67-4307-8ecb-1e527838a07d
- PhishDestroy: https://phishdestroy.io/domain/kraroulette.cc/
- LLM endpoint: https://phishdestroy.io/domain/kraroulette.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kraroulette.cc/

Last updated: 2026-03-26