# kpa28.cc — MALICIOUS

> kpa28.cc is a generic phishing domain flagged by 14/95 VirusTotal vendors. Users should avoid interacting with this domain due to elevated phishing risks.

## Summary
PhishDestroy identifies kpa28.cc as an active generic phishing domain posing significant risks to unwary users. This domain is engineered to impersonate legitimate entities, often harvesting credentials or distributing malware under the guise of trustworthy communications. PhishDestroy’s analysis confirms this domain was registered on January 23, 2025, and currently resolves to IP address 172.67.192.73 via NICENIC INTERNATIONAL GROUP CO., LIMITED. The domain carries an elevated risk designation due to its recent emergence and the presence of a valid SSL certificate issued by Google Trust Services, which may lull users into a false sense of security.  This domain has been flagged by 14 out of 95 VirusTotal security vendors, indicating partial but not universal recognition of its malicious nature. The combination of a newly registered domain, a reputable SSL issuer, and partial detection coverage makes kpa28.cc a particularly deceptive threat. Its generic phishing classification suggests it is not targeting a single organization or industry but is instead casting a wide net to ensnare victims across multiple sectors. The low detection ratio also implies the domain may still be in the early stages of its campaign, evading comprehensive blocklists at this time.  Users who have interacted with kpa28.cc are strongly advised to reset any credentials that may have been entered on the site and monitor accounts for signs of compromise. If the domain was accessed via email or message, the sender should be reported as suspicious. Users should also consider running a full malware scan on devices used to access the domain, as phishing pages often deliver secondary payloads. To prevent future exposure, users should enable browser-based phishing and malware protection or deploy dedicated ad-blocking extensions with phishing filters. Organizations are urged to update blocklists to include this domain and monitor network traffic for connections to 172.67.192.73. Immediate action is critical due to the domain’s active status and expanding threat profile.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-01-23 20:33:40
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.192.73

## Detection Status
- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2fefa473-3a91-417d-bfd2-fe1f196ea68d
- PhishDestroy: https://phishdestroy.io/domain/kpa28.cc/
- LLM endpoint: https://phishdestroy.io/domain/kpa28.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kpa28.cc/
Last updated: 2026-03-26