# xn--krken28-bn4c.com — MALICIOUS

> Security report: krken28-bn4c.com is a fake login portal phishing domain with 5/95 VirusTotal detections. Check the full report.

## Summary

PhishDestroy identifies krken28-bn4c.com as an active phishing domain mimicking legitimate login portals, posing an elevated risk to users. This domain was flagged by 5 out of 95 VirusTotal security vendors, indicating partial detection by mainstream antivirus engines. It was registered on April 07, 2025 through NICENIC INTERNATIONAL GROUP CO., LIMITED and hosted at IP 188.114.97.3. The domain appears on 1 public blocklist and uses a Let’s Encrypt SSL certificate, which may lend it an air of legitimacy. Such combinations of recent registration, partial vendor detection, and hosting infrastructure are common in short-lived credential harvesting campaigns designed to evade immediate blacklisting.

Technical indicators reinforce the elevated risk profile. The domain resolves to a single IP address shared among multiple high-risk sites, suggesting a bulletproof hosting arrangement typical of phishing operations. Let’s Encrypt certificates are frequently abused due to their automated issuance process, allowing threat actors to rapidly deploy HTTPS infrastructure for deception. The low blocklist coverage—just one entry—implies the domain may still be in early propagation stages, spreading via phishing emails, social media, or impersonation attacks before widespread awareness emerges.

Mitigation for this threat type requires immediate action at both network and user levels. Organizations should block traffic to 188.114.97.3 and the domain krken28-bn4c.com at the firewall or DNS resolver. Users who have entered credentials should assume compromise and rotate passwords across critical accounts, enabling multi-factor authentication where available. Security teams should also scan endpoints for suspicious login patterns or data exfiltration attempts. Because this domain continues to evade full detection despite partial flags, early identification via threat intelligence feeds like PhishDestroy can prevent large-scale credential theft.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-04-07 15:05:05
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/4dd2eebf-39ea-4636-9106-7d8cbc96c8c8
- PhishDestroy: https://phishdestroy.io/domain/xn--krken28-bn4c.com/
- LLM endpoint: https://phishdestroy.io/domain/xn--krken28-bn4c.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/xn--krken28-bn4c.com/

Last updated: 2026-03-27