# krakenclir.com — SUSPICIOUS

> krakenclir.com mimics the real Kraken crypto exchange to steal login credentials; 3 of 95 security vendors flag it.

## Summary
PhishDestroy identifies krakenclir.com as an active brand-impersonation site designed to trick users into surrendering their Kraken account credentials. The domain resolves to IP 141.98.234.104 and was registered on December 01, 2025 through NICENIC INTERNATIONAL GROUP CO., LIMITED, using a Let’s Encrypt SSL certificate to appear legitimate.  This domain was flagged by exactly 3 of 95 VirusTotal security vendors at the time of analysis, indicating limited—but growing—recognition of its malicious nature. Its recent creation date and low initial detection rate suggest it may have been deployed as part of a fast-moving campaign targeting Kraken users during a period of heightened trading activity.  If you visited krakenclir.com, assume your credentials may have been compromised. Immediately log in to your real Kraken account from the official kraken.com domain and enable two-factor authentication. Revoke any sessions you do not recognize and change your password using a different, secure device. If you entered credentials on this fake site, contact Kraken support immediately and monitor your account for unauthorized transactions. Consider running a malware scan on the device you used to access the domain and avoid clicking any links received from unknown sources.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Kraken

## Domain Intelligence
- Registered: 2025-12-01 22:23:38
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 141.98.234.104

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b4ac64d5-7532-4758-95c4-9ddfd7aee9d5
- PhishDestroy: https://phishdestroy.io/domain/krakenclir.com/
- LLM endpoint: https://phishdestroy.io/domain/krakenclir.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krakenclir.com/
Last updated: 2026-03-28