# ckr-landing-v2.pages.dev — SUSPICIOUS

> PhishDestroy identifies ckr-landing-v2.pages.dev hosting a fake landing page phishing scam. VirusTotal shows 0/95 detections. Check the full report.

## Summary
PhishDestroy has flagged ckr-landing-v2.pages.dev as a live fake landing page phishing domain actively mimicking legitimate login or registration portals to harvest credentials. This domain leverages Cloudflare’s Pages service and resolves to IP 188.114.96.3, using a Google Trust Services SSL certificate to appear trustworthy. The infrastructure choice—Cloudflare Pages—allows rapid deployment and evasion of takedowns, while the Google certificate adds a veneer of legitimacy that lowers user suspicion. Early intelligence suggests this domain may be part of a broader campaign targeting users expecting branded or corporate landing experiences.


This domain remains undetected on VirusTotal with 0 detections across 95 security engines as of the latest scan, indicating it is not yet widely recognized as malicious. It was registered through Cloudflare, Inc., a common tactic to obfuscate the true registrant, and currently shows no presence on major blocklists. The use of a legitimate hosting and certificate authority (Cloudflare Pages, Google Trust Services) complicates detection for both users and automated tools, increasing the risk of successful compromise. Given the absence of detections and low visibility on blocklists, this domain poses a credible threat, especially to users expecting branded or corporate content.


If you or anyone in your organization has visited ckr-landing-v2.pages.dev, assume credentials entered were compromised and immediately reset passwords for affected accounts. Do not reuse passwords across services. Isolate any device that accessed this domain from corporate networks, scan for malware, and monitor for unusual login attempts or data exfiltration. Report the incident to your security team and consider blocking the domain and IP (188.114.96.3) at the network perimeter. Stay vigilant—this domain is active and under active investigation, with no confirmed takedown timeline. Consider deploying browser-based warnings or DNS filtering rules as a proactive defense.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f12a8c39-4fb1-4a24-9e7c-318e80891420
- PhishDestroy: https://phishdestroy.io/domain/ckr-landing-v2.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ckr-landing-v2.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ckr-landing-v2.pages.dev/
Last updated: 2026-03-27