# keyforgeonline.com — SUSPICIOUS > keyforgeonline.com is a Microsoft 365 credential phishing site. Zero detections on VirusTotal but active since March 12, 2026. Check the full report. ## Summary PhishDestroy identifies keyforgeonline.com as an active credential phishing domain designed to harvest Microsoft 365 login credentials. The threat level is marked as 'under_investigation' due to ongoing behavioral analysis, but indicators strongly suggest a high-risk campaign targeting enterprise users. This domain mimics legitimate Microsoft authentication portals to deceive victims into surrendering sensitive credentials, making it a critical threat for organizations relying on Microsoft cloud services. This domain was flagged after being created on March 12, 2026, and resolving to IP address 159.195.9.211. It utilizes a Let's Encrypt SSL certificate (common among phishing sites to appear legitimate) and is registered through HOSTINGER operations, UAB. Despite zero detections on VirusTotal (0/95), the domain’s recent registration, hosting infrastructure, and SSL configuration align with known phishing toolkits. No current blocklist entries were detected at the time of assessment, though this may change as threat intelligence evolves. Users and organizations should immediately block access to keyforgeonline.com at the network level and avoid visiting the site. If credentials were entered, revoke access for the compromised account in Microsoft 365’s admin center and enforce password resets. Enable multi-factor authentication (MFA) as an additional safeguard. Report the domain to Microsoft’s phishing reporting tool and your organization’s security team. Monitor for unusual login attempts or data exfiltration patterns linked to this campaign. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-12 08:51:16 - Registrar: HOSTINGER operations, UAB - IP: 159.195.9.211 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/keyforgeonline.com - PhishDestroy: https://phishdestroy.io/domain/keyforgeonline.com/ - LLM endpoint: https://phishdestroy.io/domain/keyforgeonline.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/keyforgeonline.com/ Last updated: 2026-04-06