# kraken36-at.com — MALICIOUS

> PhishDestroy identifies kraken36-at.com as a live Kraken impersonation domain. 19/95 VirusTotal vendors flag this site, which resolves to 185.226.92.168.

## Summary
PhishDestroy classifies kraken36-at.com as an elevated-risk brand impersonation domain targeting Kraken users. This domain was registered on August 12, 2024 through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to 185.226.92.168. VirusTotal analysis shows 19 out of 95 security vendors flagging the domain, indicating partial but not universal detection. The presence of a Let's Encrypt SSL certificate suggests the operators are attempting to appear legitimate, while the recent registration date indicates opportunistic abuse of the Kraken brand.  Risk assessment for kraken36-at.com is elevated due to the combination of active impersonation, low-to-moderate detection coverage, and freshly minted infrastructure. The domain’s age (just days old at time of discovery) suggests it is part of a fast-moving campaign likely aimed at harvesting credentials or payment data under the guise of the legitimate Kraken cryptocurrency exchange. The IP address 185.226.92.168 has no established reputation, increasing the likelihood of malicious hosting. The registrar’s permissive policies and the use of a free certificate provider further lower operational friction for threat actors, enabling rapid domain turnover and evasion of takedowns.  Mitigation begins with blocking kraken36-at.com at DNS and network levels using exact domain matching. Users who may have visited should immediately change passwords and enable multi-factor authentication on legitimate Kraken accounts. Report suspicious activity to Kraken’s abuse channels and forward indicators to threat intelligence platforms. Organizations are advised to update browser and email filtering rules with this domain and the associated IP, while monitoring for similar domains registered through NICENIC with keywords like “kraken” or “exchange”. Continuous monitoring is critical given the domain’s recent creation and active threat status.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Kraken

## Domain Intelligence
- Registered: 2024-08-12 13:16:16
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 185.226.92.168

## Detection Status
- VirusTotal: 19 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c8e3e2ac-586a-4fb8-8d39-bf2ecfb2960f
- PhishDestroy: https://phishdestroy.io/domain/kraken36-at.com/
- LLM endpoint: https://phishdestroy.io/domain/kraken36-at.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kraken36-at.com/
Last updated: 2026-03-27