# kraken6gf6o4rxewycqwjgfchzgxyfeoj5xafqbfm4vgvyaig2vmxvyd-onion.info.updowntoday.com — SUSPICIOUS

> PhishDestroy flags kraken6gf6o4rxewycqwjgfchzgxyfeoj5xafqbfm4vgvyaig2vmxvyd.onion.info.updowntoday.com as a Kraken crypto drainer.

## Summary
PhishDestroy has identified an active domain impersonating one of the world’s largest cryptocurrency exchanges, Kraken. The domain kraken6gf6o4rxewycqwjgfchzgxyfeoj5xafqbfm4vgvyaig2vmxvyd.onion.info.updowntoday.com was registered through GoDaddy on October 27, 2018 and currently resolves to 5.187.5.141. At the time of writing, VirusTotal shows 0 out of 95 scanning engines flagging the host as malicious, leaving users unprotected should they visit. The domain includes a Let’s Encrypt SSL certificate, which gives it the superficial appearance of legitimacy despite its purpose.  This domain is categorized as an active crypto-draining threat, meaning visitors who interact with it may have their cryptocurrency wallets silently drained of assets without their knowledge or consent. The site mirrors Kraken’s login flow and branding to deceive victims into entering wallet credentials or connecting compromised wallet extensions. Technical indicators include the domain’s registration via GoDaddy, an unusually long subdomain string acting as a randomized seed (kraken6gf6o4rxewycq), and its use of a free Let’s Encrypt certificate to appear trustworthy. Despite being active and publicly accessible, it remains undetected by the majority of antivirus and security platforms, increasing the likelihood that unsuspecting users will fall victim.  If you or someone you know has visited this domain, disconnect any connected wallets immediately, revoke any unauthorized permissions, and transfer remaining funds to a secure wallet. Do not interact further with the site. Report the domain to PhishDestroy for real-time blocking and threat intelligence updates. This site exemplifies the growing sophistication of crypto-draining campaigns and underscores the need for proactive threat detection and user verification before engaging with any financial platform.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Kraken

## Domain Intelligence
- Registered: 2018-10-27 23:01:19
- Registrar: GoDaddy.com, LLC
- IP: 5.187.5.141

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6fa47b87-4310-4227-b1c0-295922a950b6
- PhishDestroy: https://phishdestroy.io/domain/kraken6gf6o4rxewycqwjgfchzgxyfeoj5xafqbfm4vgvyaig2vmxvyd-onion.info.updowntoday.com/
- LLM endpoint: https://phishdestroy.io/domain/kraken6gf6o4rxewycqwjgfchzgxyfeoj5xafqbfm4vgvyaig2vmxvyd-onion.info.updowntoday.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kraken6gf6o4rxewycqwjgfchzgxyfeoj5xafqbfm4vgvyaig2vmxvyd-onion.info.updowntoday.com/
Last updated: 2026-03-28