# kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhu7instad.com — MALICIOUS > PhishDestroy identifies kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhu7instad.com as a crypto drainer impersonating Kraken. SSL: Google Trust Services. ## Summary PhishDestroy identifies kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhu7instad.com as an elevated-risk brand impersonation domain designed to deploy crypto drainers targeting Kraken users. This domain was flagged by 10 out of 95 VirusTotal security vendors within hours of its creation on August 03, 2023, indicating active malicious intent and rapid detection by the security community. The domain resolves to IP 104.21.91.252 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar frequently associated with bulk malicious registrations. Despite hosting an SSL certificate issued by Google Trust Services, the domain remains untrusted due to the high number of security vendor detections and its clear impersonation of the legitimate Kraken cryptocurrency exchange platform. This domain represents a sophisticated crypto drainer threat, where attackers trick users into connecting their crypto wallets under the guise of legitimate Kraken services, only to drain funds via malicious smart contracts. The domain's age (created August 03, 2023) is extremely young for a financial services impersonation, a common tactic used by threat actors to exploit user trust before takedowns occur. The IP address 104.21.91.252 is known to host multiple crypto drainer campaigns and has been flagged in multiple threat intelligence feeds. The presence of a Google Trust Services SSL certificate is a tactic to appear legitimate, but it does not mitigate the underlying malicious intent. The 10/95 VirusTotal detection ratio suggests partial but not universal visibility, leaving many users vulnerable to exposure. To mitigate the risk posed by kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhu7instad.com, users must immediately verify any unsolicited links or domains claiming affiliation with Kraken by using PhishDestroy’s real-time domain lookup tool. Never connect your crypto wallet to unfamiliar domains, even if they display SSL certificates. Always navigate directly to kraken.com using a known, trusted bookmark or search engine result. If you suspect interaction with this domain, revoke any wallet connections immediately using your wallet provider’s security settings and monitor your transaction history for unauthorized transfers. Report this domain to Kraken’s abuse team and PhishDestroy to aid in global takedown efforts. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Kraken ## Domain Intelligence - Registered: 2023-08-03 17:44:36 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.91.252 ## Detection Status - VirusTotal: 10 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/1633c0e7-e924-4722-916d-6bed00431c19 - PhishDestroy: https://phishdestroy.io/domain/kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhu7instad.com/ - LLM endpoint: https://phishdestroy.io/domain/kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhu7instad.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhu7instad.com/ Last updated: 2026-03-27