# kracken--login.pages.dev — MALICIOUS

> kracken--login.pages.dev is a high-risk phishing domain. Avoid sharing passwords and stay vigilant. Do not enter personal info on suspicious sites.

## Summary
PhishDestroy identifies kracken--login.pages.dev as a high-risk credential phishing domain designed to steal user login information. This type of threat is critical because attackers use stolen credentials to access sensitive accounts, leading to identity theft, financial loss, and unauthorized data access. Users should be aware that such fraudulent sites often mimic legitimate services to deceive victims.

This domain was registered through Cloudflare, Inc. and created recently on February 21, 2026. It resolves to the IP address 172.66.47.115 and has been flagged by Google Safe Browsing for social engineering threats. Additionally, 14 out of 95 VirusTotal security vendors detected it as malicious. The site appears on three security blocklists and has since been taken offline, indicating active efforts to mitigate the threat.

Users are strongly advised not to enter any personal or login information on kracken--login.pages.dev or similar suspicious URLs. Always verify the legitimacy of web addresses before submitting credentials. Employ multi-factor authentication where possible and monitor accounts for unusual activity. If you suspect you have submitted information to this site, change your passwords immediately and consider using a reputable security solution to scan your devices.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.115
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["suzanne.ns.cloudflare.com", "jaime.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd10f-2e64-770c-b68d-86b959632dc5.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c0036661-9701-483d-ac9e-0503ec05a1a8
- PhishDestroy: https://phishdestroy.io/domain/kracken--login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/kracken--login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kracken--login.pages.dev/
Last updated: 2026-03-19