# kraken2trfqodidvlh4a7cpzfrhdlfldhve5nf7njhumwr7instad.com — MALICIOUS

> PhishDestroy identifies kraken2trfqodidvlh4a7cpzfrhdlfldhve5nf7njhumwr7instad.com as a brand impersonation domain impersonating Kraken.

## Summary

PhishDestroy has identified kraken2trfqodidvlh4a7cpzfrhdlfldhve5nf7njhumwr7instad.com as an active brand impersonation domain targeting Kraken users. This domain is designed to mimic the legitimate Kraken cryptocurrency exchange, likely to deceive victims into entering sensitive credentials or transferring funds to attacker-controlled wallets. While no specific drainer kit was observed in available telemetry, the domain’s structure and SSL certificate suggest it is part of a broader credential theft or cryptocurrency theft campaign.

This domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on August 16, 2023, and resolves to IP address 188.114.97.3. The domain leverages a Google Trust Services SSL certificate, which may enhance its credibility in phishing campaigns. Security vendor analysis via VirusTotal reveals a detection rate of 9/95, indicating moderate but not universal recognition of its malicious nature. Additional telemetry confirms its presence on multiple threat intelligence blocklists, underscoring its active use in fraudulent activities.

At present, kraken2trfqodidvlh4a7cpzfrhdlfldhve5nf7njhumwr7instad.com remains active and poses an elevated risk to users. Immediate defensive actions include blocking the domain and IP address at the network perimeter, updating browser and DNS-based blocklists, and alerting users to the threat. While the domain’s recent registration date may limit historical detection, its association with a well-known cryptocurrency brand and high-risk indicators necessitate urgent remediation. Remaining risk includes potential expansion of the campaign to other domains or infrastructure, requiring continuous monitoring and proactive threat hunting.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Kraken

## Domain Intelligence

- Registered: 2023-08-16 12:52:29
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/d7377a23-ce90-4df3-8ea2-b57285cda6ed
- PhishDestroy: https://phishdestroy.io/domain/kraken2trfqodidvlh4a7cpzfrhdlfldhve5nf7njhumwr7instad.com/
- LLM endpoint: https://phishdestroy.io/domain/kraken2trfqodidvlh4a7cpzfrhdlfldhve5nf7njhumwr7instad.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kraken2trfqodidvlh4a7cpzfrhdlfldhve5nf7njhumwr7instad.com/

Last updated: 2026-03-28