# kraken28-at.com — SUSPICIOUS

> kraken28-at.com is a crypto drainer impersonating Kraken (1/95 VT detections). Verify URLs before transactions to prevent fund loss.

## Summary
PhishDestroy identifies kraken28-at.com as an active brand impersonation domain targeting the cryptocurrency exchange Kraken. This domain employs a crypto drainer mechanism to deceive users into connecting malicious wallets, enabling unauthorized fund transfers to attacker-controlled addresses. The threat level is elevated due to the specific targeting of a major financial platform and the domain's recent registration, which suggests opportunistic impersonation rather than long-term infrastructure deployment.  

This domain was flagged by VirusTotal with 1 out of 95 security vendors detecting it as malicious. It resolves to IP address 104.21.53.148 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on January 29, 2024. The SSL certificate is issued by Google Trust Services, which does not inherently indicate legitimacy for this impersonation scenario. The low detection count may indicate either evasion techniques or a newly emerged threat that has not yet propagated across security vendor databases.  

To mitigate risk from this crypto drainer impersonation, users should verify any Kraken-related domains through official sources (kraken.com) and never enter wallet credentials or approve transactions from unsolicited links. Security teams should block this domain at DNS and network levels. Organizations should implement cryptocurrency transaction monitoring for anomalous transfers and maintain employee awareness of brand impersonation tactics in the crypto sector.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Kraken

## Domain Intelligence
- Registered: 2024-01-29 13:25:51
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.53.148

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6abcbd13-d06d-457a-bbd3-9c5343034db1
- PhishDestroy: https://phishdestroy.io/domain/kraken28-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kraken28-at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kraken28-at.com/
Last updated: 2026-03-24