# kraken-18at.net — SUSPICIOUS

> kraken-18at.net impersonates Kraken using a Google Trust Services SSL cert. This domain poses as the cryptocurrency exchange to steal credentials—block now.

## Summary
PhishDestroy identifies kraken-18at.net as an active brand impersonation domain targeting the Kraken cryptocurrency exchange. This fraudulent site uses visual and lexical techniques to closely mimic Kraken’s official platform, deceiving users into entering sensitive login credentials or payment information under the guise of a legitimate service. The domain appears to be part of a broader drainer kit designed to harvest user data and facilitate financial theft, leveraging spoofed branding to reduce user suspicion during authentication flows. The site’s deceptive appearance is heightened by the presence of a Google Trust Services SSL certificate, which may mislead visitors into believing the site is secure and authentic. Registered through Edomains LLC on August 22, 2025, this domain represents an elevated and evolving threat to cryptocurrency users seeking to avoid financial loss.

This domain exhibits several concrete technical indicators that confirm its malicious intent. According to VirusTotal, the domain is flagged by 2 out of 95 security vendors, indicating limited but emerging detection. It resolves to IP 104.21.63.103 and was created on August 22, 2025, suggesting recent deployment. The use of a Google Trust Services SSL certificate further complicates user discernment, while the low current blocklist count highlights a window of opportunity for proactive mitigation before broader threat intelligence dissemination.

As of this report, kraken-18at.net remains active and poses a persistent risk to unsuspecting users. Immediate actions include blocking access to the domain at the network and endpoint levels using the IP and domain indicators provided. Users are strongly advised to avoid interacting with any links related to kraken-18at.net and to verify the correct domain (kraken.com) before entering credentials or financial data. While the current detection rate remains low, continued monitoring and user education are essential to prevent credential harvesting and potential funds loss. The remaining risk is elevated due to the domain’s recent registration, active status, and brand impersonation tactics that exploit trust in established cryptocurrency platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Kraken

## Domain Intelligence
- Registered: 2025-08-22 18:34:46
- Registrar: Edomains LLC
- IP: 104.21.63.103

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c50c9edb-5fbe-40d5-8440-a6c482098750
- PhishDestroy: https://phishdestroy.io/domain/kraken-18at.net/
- LLM endpoint: https://phishdestroy.io/domain/kraken-18at.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kraken-18at.net/
Last updated: 2026-03-27