# krakenonionsite.com — MALICIOUS

> krakenonionsite.com poses a high risk by impersonating Kraken. Avoid interacting with it and stay vigilant against phishing attempts.

## Summary
PhishDestroy identifies krakenonionsite.com as a high-risk domain primarily engaged in brand impersonation targeting Kraken users. This malicious site attempts to deceive victims by mimicking the official Kraken platform, potentially exposing them to fraud or credential theft.

Evidence supporting this threat includes its registration through NiceNIC International Group Co., Limited and its creation date of March 11, 2026. The domain resolves to an IPv6 address associated with Cloudflare infrastructure, which attackers often use to mask their real locations. VirusTotal flagged the domain by 16 out of 95 security vendors, and it appears on at least one security blocklist. The page title itself suggests an attempt to appear legitimate by using Russian language phrasing similar to official Kraken branding.

Currently, krakenonionsite.com has been taken offline, reducing immediate risk. Users are advised to avoid visiting this domain and to verify URLs thoroughly when accessing Kraken services. Organizations should continue monitoring for related phishing campaigns and educate their members on spotting impersonation tactics to mitigate potential harm.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: Kraken
- Page title: Kraken - официальный сайт площадки KRAKEN ONION

## Domain Intelligence
- Registered: 2026-03-11 17:07:02
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 2606:4700:20::681a:e3c
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["aliza.ns.cloudflare.com", "neil.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Lionic", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce201-7c98-75cc-a7c9-87a0f9db72bb.png
- PhishDestroy: https://phishdestroy.io/domain/krakenonionsite.com/
- LLM endpoint: https://phishdestroy.io/domain/krakenonionsite.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krakenonionsite.com/
Last updated: 2026-03-19