# krakein.cc — SUSPICIOUS

> krakein.cc impersonates Kraken in a brand impersonation attack with 0/95 VirusTotal detections. Crypto drainer payload suspected. Avoid interactions immediately.

## Summary

PhishDestroy identifies krakein.cc as a live domain actively impersonating Kraken, the well-known cryptocurrency exchange, in what appears to be a crypto-drainer campaign. The domain was registered only days ago (October 08, 2025) and currently resolves to 188.114.97.3, a hosting IP that has yet to be widely blocked. Despite zero VirusTotal detections at the time of analysis, the site’s SSL certificate issued by Google Trust Services lends it an air of legitimacy that threat actors routinely exploit to harvest credentials, drain wallets, or push malware. Because the domain is only hours old, it remains under the radar of most automated scanners, leaving users exposed to a fresh, high-risk impersonation.

This domain was flagged through seed 98d505 after matching Kraken’s visual identity and domain structure, with exact indicators including VirusTotal’s 0/95 detection ratio, registration through NICENIC INTERNATIONAL GROUP CO., LIMITED, and a creation timestamp of October 08, 2025. The lack of historical blocklist entries and the use of a reputable certificate authority suggest this is an early-stage operation, likely targeting users searching for Kraken services or promotions. The IP address 188.114.97.3 is part of a larger range known for hosting low-reputation services, reinforcing the likelihood of malicious intent.

If you visited krakein.cc or entered any information, disconnect affected devices from the internet immediately and revoke any API keys, wallet passwords, or browser sessions tied to Kraken or other crypto services. Scan the device with an updated antivirus or EDR tool to detect potential infostealers or drainers. Report the domain to your security team and block the IP (188.114.97.3) and domain at the firewall or DNS level. Monitor crypto wallet addresses and exchange accounts for unauthorized transactions for at least 72 hours. Consider rotating credentials across all high-value accounts and enabling hardware-backed 2FA where available.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Kraken

## Domain Intelligence

- Registered: 2025-10-08 18:26:58
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1ca805bf-14cf-4c8d-a22f-0c25cedba05f
- PhishDestroy: https://phishdestroy.io/domain/krakein.cc/
- LLM endpoint: https://phishdestroy.io/domain/krakein.cc/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/krakein.cc/

Last updated: 2026-03-27