# kraken-com.pages.dev — MALICIOUS

> kraken-com.pages.dev is a high-risk phishing domain mimicking Kraken. Stay vigilant and avoid interaction to protect your assets.

## Summary
PhishDestroy identifies kraken-com.pages.dev as a high-risk phishing domain engaging in brand impersonation targeting Kraken, a well-known cryptocurrency exchange. Classified under brand_impersonation threats, this domain attempts to deceive users by leveraging Kraken's brand reputation to harvest sensitive information.

Technical analysis reveals that kraken-com.pages.dev resolves to the IP address 172.66.47.82 and was registered via Cloudflare, Inc. The domain was created recently on February 21, 2026, and has appeared on three distinct security blocklists. Gridinsoft assigns it a trust score of 0/100, indicating complete distrust. VirusTotal flags the domain through 15 out of 95 security vendors, further confirming its malicious intent. The page title encountered during analysis was "Suspected phishing site | Cloudflare," suggesting Cloudflare's internal detection mechanisms flagged the site.

Currently, kraken-com.pages.dev is offline following takedown actions, reflecting a rapid response to neutralize the threat. Users are advised to remain cautious and verify URLs before submitting credentials or personal data. PhishDestroy continues to monitor related infrastructure for potential re-emergence or new campaign activity leveraging Kraken’s brand.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Kraken
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.82
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["noor.ns.cloudflare.com", "roan.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b6e41-7d30-713a-b86a-6c0cb5b8e2cc.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/b8b22dbc-1667-4c46-9341-1c7ae0a3a456
- PhishDestroy: https://phishdestroy.io/domain/kraken-com.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/kraken-com.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kraken-com.pages.dev/
Last updated: 2026-03-19