# help-krakken-doc.pages.dev — MALICIOUS

> Avoid help-krakken-doc.pages.dev — a high-risk phishing domain now offline. Do not enter personal info if you encountered this site.

## Summary
PhishDestroy identifies help-krakken-doc.pages.dev as a dangerous phishing domain that was active since September 2020. Despite being taken offline, it was flagged by multiple security blocklists and triggered alerts from several antivirus engines. Such sites aim to trick users into divulging sensitive information by impersonating legitimate services or support portals.

This phishing domain used deceptive tactics, likely masquerading as a trustworthy knowledge base or help document to lure victims. Visitors may have been prompted to enter login credentials, personal data, or financial information under false pretenses. The domain registered through Cloudflare, Inc. and resolved to an IP address associated with suspicious activity, increasing its risk profile.

If you visited help-krakken-doc.pages.dev, monitor your accounts closely for unauthorized activity and change any compromised passwords immediately. Avoid clicking links from unknown sources and use multi-factor authentication when available. Report any suspicious messages that directed you to this site to your IT department or cybersecurity provider to prevent further harm.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2020-09-02 02:33:29
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.204
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["adi.ns.cloudflare.com", "karl.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a8b41-263d-7141-a826-519f2a9ca47f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/7e9e4f6a-5dfd-4fdb-b590-0d3428293e7c
- PhishDestroy: https://phishdestroy.io/domain/help-krakken-doc.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/help-krakken-doc.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/help-krakken-doc.pages.dev/
Last updated: 2026-03-19