# kraken28-at.net — MALICIOUS > Beware kraken28-at.net: a Kraken brand impersonation site detected by 10/95 VirusTotal vendors. Verify all crypto URLs before clicking to avoid credential theft. ## Summary PhishDestroy identifies kraken28-at.net as an active brand-impersonation domain targeting Kraken cryptocurrency users. Operators lured victims by mimicking Kraken’s branding to harvest credentials and drain wallets. This domain was flagged by 10 of 95 VirusTotal security vendors on first inspection and first went live on January 29, 2024. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and currently resolves to 104.21.1.71. Despite holding a Google Trust Services SSL certificate, the low VT detection ratio and fresh registration date raise elevated risk. If you visited kraken28-at.net, immediately change any passwords you may have entered and revoke API keys or withdrawal permissions tied to that session. Do not connect hardware wallets or approve transactions on the site. Report the domain to Kraken’s abuse team and run a malware scan on the device you used. Forward the URL to your organization’s threat-intel inbox for blocking. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Kraken ## Domain Intelligence - Registered: 2024-01-29 13:26:46 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.1.71 ## Detection Status - VirusTotal: 10 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b8ec4ccb-f034-4d2b-ad8d-be2cf9197e91 - PhishDestroy: https://phishdestroy.io/domain/kraken28-at.net/ - LLM endpoint: https://phishdestroy.io/domain/kraken28-at.net/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kraken28-at.net/ Last updated: 2026-03-28