# kraken2trfqodidvlh4a337cpzfrhdlfldhve5nf7njhumwr7instad-onion.com — MALICIOUS

> Domain kraken2trfqodidvlh4a337cpzfrhdlfldhve5nf7njhumwr7instad-onion.com is a brand impersonation site mimicking Kraken. 19/95 VirusTotal vendors flag it.

## Summary

PhishDestroy identifies kraken2trfqodidvlh4a337cpzfrhdlfldhve5nf7njhumwr7instad-onion.com as an active brand impersonation domain targeting Kraken users, presenting an elevated risk to visitors. This malicious site masquerades as the legitimate Kraken cryptocurrency exchange platform, aiming to deceive users into divulging sensitive credentials or transferring funds to attacker-controlled wallets. The domain resolves to IP address 188.114.96.3 and is equipped with an SSL certificate issued by Google Trust Services, lending it an air of authenticity that could easily mislead unsuspecting users.

This domain was flagged by 19 out of 95 VirusTotal security vendors, indicating significant suspicion within the threat intelligence community. It was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on February 10, 2023, suggesting a deliberate effort to exploit the Kraken brand for fraudulent purposes. The combination of a recently created domain, a dubious registrar, and a high detection rate underscores the malicious intent behind this infrastructure. Users should remain vigilant, as this site exemplifies the lengths attackers go to capitalize on brand recognition for credential theft and crypto drainer operations.

If you or your organization has interacted with kraken2trfqodidvlh4a337cpzfrhdlfldhve5nf7njhumwr7instad-onion.com, immediately cease all further engagement and conduct a thorough review of any credentials or cryptocurrency wallet access that may have been exposed. Isolate affected systems to prevent lateral movement and scan for potential malware or unauthorized access. Report the incident to Kraken’s official support channels and consider revoking any exposed credentials or tokens. Implement network-level blocking of the domain and associated IP addresses (188.114.96.3) to prevent further exploitation. Educate users on recognizing brand impersonation tactics, such as verifying domain spellings and using official Kraken channels for all communications.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Kraken

## Domain Intelligence

- Registered: 2023-02-10 20:13:14
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 19 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1b53a321-cbb6-4081-a056-3d536e175990
- PhishDestroy: https://phishdestroy.io/domain/kraken2trfqodidvlh4a337cpzfrhdlfldhve5nf7njhumwr7instad-onion.com/
- LLM endpoint: https://phishdestroy.io/domain/kraken2trfqodidvlh4a337cpzfrhdlfldhve5nf7njhumwr7instad-onion.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kraken2trfqodidvlh4a337cpzfrhdlfldhve5nf7njhumwr7instad-onion.com/

Last updated: 2026-03-28