# kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhumwr7instad.live — SUSPICIOUS

> kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhumwr7instad.live poses an elevated brand impersonation threat targeting Kraken, flagged by 3 of 95 vendors.

## Summary
The domain kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhumwr7instad.live has been identified as an active threat exhibiting brand impersonation behavior. It specifically targets the Kraken brand, attempting to deceive users by mimicking the trusted cryptocurrency exchange. This domain remains operational and poses an elevated risk to those who may encounter it.

According to VirusTotal analysis, this domain is flagged by 3 out of 95 security vendors, indicating some consensus on its malicious potential. The domain was registered on November 17, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED. It resolves to the IP address 104.21.14.131 and utilizes an SSL certificate issued by Google Trust Services, which may lend false credibility to unsuspecting users. Despite being reported by a limited number of scanners, the domain's recent creation and active status suggest a potential for ongoing exploitation.

Given its impersonation of Kraken and the elevated threat level, users and organizations should exercise caution when interacting with this domain. It is recommended to block or blacklist kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhumwr7instad.live within security systems and to educate users about verifying URLs carefully before engaging with cryptocurrency-related services. Continuous monitoring for any related phishing campaigns or fraud attempts linked to this domain is advised to mitigate risk effectively.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Kraken

## Domain Intelligence
- Registered: 2025-11-17 12:53:20
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.14.131

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4b47ef0c-a48d-4d73-a25c-b106aac8b6ce
- PhishDestroy: https://phishdestroy.io/domain/kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhumwr7instad.live/
- LLM endpoint: https://phishdestroy.io/domain/kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhumwr7instad.live/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kraken2trfqodidvlh4aa337cpzfrhdlfldhve5nf7njhumwr7instad.live/
Last updated: 2026-03-28