# kraken3yvbvzmhytnrnuhsy772i6dfobofu652e27f5hx6y5cpj7rgydonion.net — MALICIOUS

> kraken3yvbvzmhytnrnuhsy772i6dfobofu652e27f5hx6y5cpj7rgydonion.net is a brand impersonation domain flagged by 16/95 VirusTotal vendors as a crypto drainer.

## Summary

PhishDestroy identifies an active brand impersonation domain masquerading as Kraken to deploy a crypto drainer. The domain kraken3yvbvzmhytnrnuhsy772i6dfobofu652e27f5hx6y5cpj7rgydonion.net was registered on February 23, 2026 using Gname 060 Inc as the registrar. It currently resolves to IP 45.130.151.196 and uses a Let’s Encrypt SSL certificate to appear legitimate. With 16 out of 95 security vendors flagging the domain, this presents an elevated risk of credential theft and asset loss for cryptocurrency users who interact with it.

This domain poses a direct threat through brand impersonation, targeting users familiar with Kraken’s services to trick them into connecting crypto wallets or entering login credentials. The presence of 16 VirusTotal detections, combined with its recent creation and use of a valid SSL certificate, increases the likelihood of successful deception. Security researchers have observed similar infrastructure in previous crypto drainer campaigns, where domains mimic legitimate exchanges to siphon digital assets via malicious wallet connections or phishing pages.

Users who accessed this domain or entered any information should immediately revoke any connected wallet permissions, change all passwords used on the site, and scan devices with updated antivirus software. Block this domain at the network or host level using the IP and domain records and report the activity to Kraken’s abuse team and relevant cybercrime units. Avoid any further interaction, as the risk of financial loss remains high while the campaign is active.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Kraken

## Domain Intelligence

- Registered: 2026-02-23 19:35:03
- Registrar: Gname 060 Inc
- IP: 45.130.151.196

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/b501cd60-3b54-480f-95ab-0ac0d59cfd76
- PhishDestroy: https://phishdestroy.io/domain/kraken3yvbvzmhytnrnuhsy772i6dfobofu652e27f5hx6y5cpj7rgydonion.net/
- LLM endpoint: https://phishdestroy.io/domain/kraken3yvbvzmhytnrnuhsy772i6dfobofu652e27f5hx6y5cpj7rgydonion.net/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kraken3yvbvzmhytnrnuhsy772i6dfobofu652e27f5hx6y5cpj7rgydonion.net/

Last updated: 2026-03-28