# kra28-cc.net — SUSPICIOUS

> PhishDestroy flags kra28-cc.net as a crypto-drainer phishing site. 4/95 VirusTotal detections confirm active risk; verify and block immediately.

## Summary

PhishDestroy identifies kra28-cc.net as an active generic phishing domain engineered to harvest cryptocurrency wallet credentials and drain funds under an elevated threat classification. Technical indicators place this domain at high risk: it was registered on February 08, 2025 through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolves to IP 172.67.135.57, and carries a 4/95 detection score on VirusTotal as of the latest scan. The domain is secured with a Google Trust Services SSL certificate but remains flagged by 4 of 95 vendors, signaling inconsistent trustworthiness despite valid encryption. Current blocklist intelligence has not yet propagated widely, leaving users and automated defenses vulnerable to first-access compromise. The domain remains active and unremediated, operating with elevated risk factors including recent creation, low initial detection coverage, and association with a known registrar used in opportunistic campaigns.

PhishDestroy recommends immediate network-level blocking of 172.67.135.57 and domain-level blocking of kra28-cc.net. Users who may have visited the site should revoke exposed API keys, rotate wallet passwords, and scan devices for unauthorized access. While the SSL certificate indicates an attempt at legitimacy, the low VT score and active phishing classification override this veneer—urgent action is required to prevent cryptocurrency theft and account takeover.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-02-08 10:19:08
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.135.57

## Detection Status

- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/198b4022-0e7e-49da-8ed4-2253fd5e1784
- PhishDestroy: https://phishdestroy.io/domain/kra28-cc.net/
- LLM endpoint: https://phishdestroy.io/domain/kra28-cc.net/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kra28-cc.net/

Last updated: 2026-03-28