# kraken-19.net — MALICIOUS

> PhishDestroy flags kraken-19.net as a crypto drainer domain impersonating Kraken; 9/95 VirusTotal detections. Analyze before interaction.

## Summary

PhishDestroy identifies kraken-19.net as an elevated-risk domain engaging in brand impersonation targeting Kraken users. This domain, registered with NICENIC INTERNATIONAL GROUP CO., LIMITED, was created on April 04, 2025 and resolves to IP 104.21.62.38. PhishDestroy’s analysis reveals that 9 out of 95 security vendors on VirusTotal currently flag this domain for malicious activity. The presence of an SSL certificate issued by Google Trust Services increases the likelihood of successful social engineering by presenting a deceptive aura of legitimacy. The domain’s technical indicators align with active crypto drainer campaigns, which typically lure victims under the guise of a trusted brand—in this case, Kraken—to extract sensitive wallet credentials or initiate unauthorized transaction prompts.

Monitoring services have not yet flagged this domain on major blocklists, though its recent creation and low detection coverage suggest it is either newly deployed or deliberately evasive. Registrar data indicates a preference for anonymity and ease of registration, a common tactic among threat actors seeking to rapidly cycle domains. The combination of fresh creation, SSL certification, and partial detection evasion mirrors patterns observed in similar campaigns leveraging fake crypto exchange portals.

Mitigation requires immediate user awareness and system hardening. Users interacting with Kraken or similar brands should verify domain spelling, SSL certification issuers, and cross-reference with official channels. Organizations are advised to block kraken-19.net at the network perimeter and DNS level, and to deploy endpoint detection rules targeting crypto-related domain interactions. Threat intelligence should be updated to include this domain, with SOC teams monitoring for lateral movement or credential harvesting attempts using associated IPs or infrastructure. Prompt reporting and takedown requests to registrars and browser vendors can help curb further abuse. Proactive scanning of logs for connections to 104.21.62.38 or similar endpoints is strongly recommended to prevent data compromise.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Kraken

## Domain Intelligence

- Registered: 2025-04-04 17:10:16
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.62.38

## Detection Status

- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/494464ab-aac9-4f11-9c32-2523f292d5c5
- PhishDestroy: https://phishdestroy.io/domain/kraken-19.net/
- LLM endpoint: https://phishdestroy.io/domain/kraken-19.net/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kraken-19.net/

Last updated: 2026-03-28