# PhishDestroy threat dossier — krakenweb3.com
================================================================
Fetched: 2026-07-03 16:04:32 UTC
Canonical: https://phishdestroy.io/domain/krakenweb3.com/

## VERDICT
----------------------------------------------------------------
TAKEN DOWN (neutralised)
Composite threat score: 100/100 (PhishDestroy scoring — see methodology below)
Scam classification: Impersonation
Targeted brand: Kraken

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal: 4/91 security vendors flagged this domain
Flagging vendors: ChainPatrol, Gridinsoft
Public blocklists: listed on 3 independent blocklists

## INFRASTRUCTURE
----------------------------------------------------------------
IP address: 216.198.79.1 (US, Atlanta)
ASN: AS16509 Amazon.com, Inc.
Hosting org: Lefkoff Industries
Registrar: Spaceship, Inc.
Nameservers: launch1.spaceship.net, launch2.spaceship.net
Registered: 2026-06-30
Expires: 2027-06-30
Page title: Krakenweb3

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer: Let's Encrypt / YR1
Expires: 2026-09-28
Status: INVALID chain
Fingerprint: b5cddeb6151221d3069ae9e5fc9899826f55bcbe913835226e34c5bc3751cee3

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: CLOSED — no report required.

This domain was neutralised before the abuse-report cycle could be dispatched — either the hosting provider / registrar suspended it on their own, the DNS went dead, or the operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file for audit but no formal notice was sent.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-06-30 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected: 2026-07-01 06:21:28 UTC (by PhishDestroy tracker)
First reported: 2026-07-01 04:47:59 UTC (abuse notice filed)
Last verified: 2026-07-03 16:20:36 UTC
Neutralised: 2026-07-01 12:02:52 UTC
Current status: taken down (registrar suspended or DNS dead)

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io: https://urlscan.io/result/019f1be7-f83c-734e-b79c-653c10defcf3/
URLQuery: https://urlquery.net/report/97da0965-3789-4108-b916-e3506a3a97d0
Wayback Machine: https://web.archive.org/web/*/krakenweb3.com
crt.sh CT logs: https://crt.sh/?q=%25.krakenweb3.com
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=krakenweb3.com
AlienVault OTX: https://otx.alienvault.com/indicator/domain/krakenweb3.com
URLhaus: https://urlhaus.abuse.ch/host/krakenweb3.com/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-07-01 06:25:52 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

This domain is flagged as a high-risk brand impersonation threat specifically targeting Kraken, a cryptocurrency exchange platform. The infrastructure is designed to deceive users into believing they are interacting with legitimate Kraken services, potentially leading to credential theft, financial fraud, or unauthorized access to sensitive accounts.

Analysis indicates the domain krakenweb3.com was registered on June 30, 2026, through Spaceship, Inc. It currently resolves to the IP address 216.198.79.1 and employs a Let's Encrypt SSL certificate, which may lend a false sense of legitimacy.
VirusTotal reports that 2 out of 95 security vendors have flagged this domain as malicious. The page title, Krakenweb3, further reinforces the attempt to mimic the Kraken brand. No evidence of widespread blocklisting or low trust scores from additional threat intelligence platforms was observed at the time of analysis, though the domain remains active and unmitigated.

To mitigate risks associated with this brand impersonation threat, organizations and users should immediately block the domain krakenweb3.com and its resolving IP address 216.198.79.1 at the network perimeter. Security teams are advised to monitor for any attempts to access this domain from internal networks and investigate potential exposure. Users should be educated on verifying domain authenticity, particularly for financial or cryptocurrency-related services, by cross-referencing URLs with official sources. Multi-factor authentication (MFA) should be enforced for all accounts associated with Kraken or similar platforms to reduce the impact of credential compromise. If interaction with this domain has already occurred, affected accounts should be reviewed for unauthorized activity, and credentials should be rotated immediately.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID: PD-20260701-00BD8C
Favicon MD5: 7b5bd5bf08e5018092b280b032ca601a
TLS cert SHA-256: b5cddeb6151221d3069ae9e5fc9899826f55bcbe913835226e34c5bc3751cee3

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:

- VirusTotal positive ratio
- Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
- Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
- DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
- AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
- URLScan / URLQuery verdicts
- Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
- Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
- Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
- Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
- Registrar/hosting abuse history (this registrar's track record)
- Human researcher sign-off (operator takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report: https://phishdestroy.io/domain/krakenweb3.com/
JSON API: https://api.destroy.tools/v1/check?domain=krakenweb3.com
Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%)
Submit a report: https://t.me/PhishDestroy_bot

About PhishDestroy: independent open-source threat-intelligence platform.
Tracked: 174,403 domains (13,595 alive under monitoring, 159,990 confirmed takedowns/dead).
Site: https://phishdestroy.io