# PhishDestroy threat dossier — kraken-guide.top
================================================================
Fetched: 2026-04-25 17:17:06 UTC
Canonical: https://phishdestroy.io/domain/kraken-guide.top/

## VERDICT
----------------------------------------------------------------
CRITICAL THREAT — DO NOT VISIT
Composite threat score: 92/100 (PhishDestroy scoring — see methodology below)
Scam classification: Impersonation
Targeted brand: Kraken

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 0/95 security vendors flagged this domain

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 172.67.175.115
Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED

!!! REGISTRAR INTEGRITY ALERT — NiceNIC !!!
NiceNIC International: over 90% of its registered domains are associated with illegal content; documented systematic abuse-report non-response.
Primary sources:
  https://phishdestroy.io/nicenic-real
  https://phishdestroy.io/nicenic-verdict

Nameservers: ignat.ns.cloudflare.com, kay.ns.cloudflare.com
Registered: 2026-04-23
Page title: Как выбрать надёжный Kraken маркетплейс в 2026 году — экспертны
HTTP response: 200

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Let's Encrypt / E7
Expires: 2026-07-23
Status: INVALID chain
Fingerprint: 4e58e17e914939ddec5f28660af1810d6797825703f7f6cc9d30d87b295320ed

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: pending notification queue.
No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-04-23 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-04-25 08:14:53 UTC (by PhishDestroy tracker)
First reported: 2026-04-25 05:15:35 UTC (abuse notice filed)
Last verified: 2026-04-25 15:00:16 UTC
Current status: ACTIVE / observable

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019dc30f-2d91-70b4-aed8-53fcdb9f9ec0/
URLQuery: https://urlquery.net/report/394717cd-0a00-45cb-b5e2-8f0b8965b6ab
Wayback Machine: https://web.archive.org/web/*/kraken-guide.top
crt.sh CT logs: https://crt.sh/?q=%25.kraken-guide.top
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=kraken-guide.top
AlienVault OTX: https://otx.alienvault.com/indicator/domain/kraken-guide.top
URLhaus: https://urlhaus.abuse.ch/host/kraken-guide.top/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-04-25 08:15:26 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

PhishDestroy identifies kraken-guide.top as an active brand impersonation domain targeting Kraken cryptocurrency exchange users. This domain is currently under investigation as part of a suspected phishing campaign designed to deceive victims into disclosing sensitive credentials or cryptocurrency wallet information under the guise of providing trading guides or support services. There is no confirmed drainer kit associated with this domain at this time, but its rapid registration and low VirusTotal detection rate suggest an emerging threat vector.

This domain exhibits multiple red flags consistent with malicious infrastructure.
Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on April 23, 2026, kraken-guide.top resolves to IP address 172.67.175.115, a Cloudflare IP often leveraged in phishing operations to obscure origin and evade takedown efforts. The domain operates with a valid Let's Encrypt SSL certificate, increasing its apparent legitimacy to unsuspecting users. Critically, this domain remains undetected on VirusTotal with a score of 0/95 detections as of the latest scan. It is not currently flagged by Google Safe Browsing (GSB) and has not been added to public blocklists, indicating a newly deployed and unmitigated threat. The combination of low detection, recent registration, and brand impersonation creates a high-risk scenario for Kraken users seeking support or educational resources.

As of this report, kraken-guide.top remains active and unblocked. PhishDestroy has flagged this domain for immediate analysis and escalation to ISP and domain registrars for deactivation. Users are advised to avoid accessing this domain and report any related phishing attempts to Kraken’s official support and relevant cybersecurity authorities. While the immediate risk is elevated due to zero detections, proactive blocking by security teams can prevent potential victimization. The investigation continues to monitor for additional infrastructure or drainer components linked to this campaign. Remaining risk is assessed as moderate-to-high pending takedown or deactivation.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID: PD-20260425-5B9024
Favicon MD5: a93839b3372cbe989e640d7d6dd2374b
TLS cert SHA-256: 4e58e17e914939ddec5f28660af1810d6797825703f7f6cc9d30d87b295320ed

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone.
PhishDestroy aggregates:
  - VirusTotal positive ratio
  - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
  - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
  - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
  - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
  - URLScan / URLQuery verdicts
  - Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
  - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
  - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
  - Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
  - Registrar/hosting abuse history (this registrar's track record)
  - Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/kraken-guide.top/
JSON API: https://api.destroy.tools/v1/check?domain=kraken-guide.top
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+.
Site: https://phishdestroy.io