# krakenmarkets.net — SUSPICIOUS > krakenmarkets.net detected as Kraken brand impersonation phishing site. 0/95 VirusTotal detections. Check the full report. ## Summary PhishDestroy identifies krakenmarkets.net as an active Kraken brand impersonation phishing site. This domain, registered on May 27, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, impersonates the legitimate cryptocurrency exchange Kraken to deceive users into revealing sensitive account credentials or financial data. The site currently resolves to IP address 104.21.67.169, secured with a Google Trust Services SSL certificate to appear authentic. Despite the fraudulent nature of the domain, it remains undetected by any of the 95 VirusTotal vendors, indicating a low initial detection rate that could allow the campaign to persist undetected by automated security tools. The domain has not been listed on any known blocklists, further reducing its observable footprint in threat intelligence feeds as of the time of analysis. The absence of detections does not imply safety; rather, it highlights the sophisticated nature of modern phishing campaigns, which often leverage newly registered domains and trusted SSL certificates to bypass initial scrutiny. The domain’s registration through NICENIC INTERNATIONAL GROUP CO., LIMITED does not provide immediate red flags, as threat actors frequently exploit legitimate registrars to obscure their identities. The SSL certificate issued by Google Trust Services adds a veneer of legitimacy, tricking users into believing the site is secure and trustworthy. Given the domain’s age (created May 27, 2025) and the lack of proactive blocking, this campaign poses an immediate and credible threat to users seeking to access Kraken’s services, particularly those who may overlook subtle misspellings or unfamiliar domain names. PhishDestroy recommends immediate action to mitigate the risk posed by krakenmarkets.net. Users should avoid interacting with this domain and report it to Kraken’s official support channels and their email providers if encountered. Organizations are advised to update their threat intelligence feeds to include this domain and propagate the block across network defenses, including DNS filtering, firewalls, and endpoint protection platforms. Additionally, Kraken users should verify all links before entering credentials by cross-referencing with Kraken’s official domain (kraken.com) and enabling multi-factor authentication (MFA) wherever possible. Security teams are encouraged to monitor this domain for changes in infrastructure or hosting providers, as such shifts often indicate an escalation in the campaign’s sophistication. Proactive reporting to organizations like PhishTank, OpenPhish, or your regional CERT can further aid in disrupting this phishing operation before it inflicts broader damage. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Kraken ## Domain Intelligence - Registered: 2025-05-27 09:09:15 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.67.169 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/5020f581-443c-4ff3-810b-33a019e1118b - PhishDestroy: https://phishdestroy.io/domain/krakenmarkets.net/ - LLM endpoint: https://phishdestroy.io/domain/krakenmarkets.net/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/krakenmarkets.net/ Last updated: 2026-03-27