# kronosnewupdate.pages.dev — SUSPICIOUS

> Caution advised for kronosnewupdate.pages.dev, a credential phishing domain now offline. Stay informed and protect your data from this threat.

## Summary
PhishDestroy has identified kronosnewupdate.pages.dev as a low-risk credential phishing domain targeting users with a fake "Kronos Trading - Quantitative Market Systems" page. The site aimed to deceive victims into revealing sensitive login credentials under the guise of a trading platform update.

The domain was registered on March 6, 2026, via Cloudflare, Inc., and resolved to IP address 172.66.47.138. It appeared on two security blocklists, and although only one out of 95 security vendors flagged it on VirusTotal, its presence on blocklists indicates some level of malicious activity. The hosting infrastructure leveraged Cloudflare’s network, commonly abused for phishing convenience.

Currently, kronosnewupdate.pages.dev has been taken offline, mitigating immediate risk. PhishDestroy recommends continued vigilance, blocking the domain in security appliances, and educating users about phishing attempts impersonating trading platforms. Monitoring similar new domains using the "kronos" trademark is advised to prevent future credential theft attempts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP ?)
- Page title: Kronos Trading - Quantitative Market Systems

## Domain Intelligence
- Registered: 2026-03-06 11:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.138
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: hasslo.ns.cloudflare.com rosalyn.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 1 vendors flagged
  Vendors: ["Phishing Database"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc27c-edf0-721b-9805-af26186a0ec5.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/kronosnewupdate.pages.dev
- Wayback Machine: https://web.archive.org/web/https://kronosnewupdate.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/kronosnewupdate.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/kronosnewupdate.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kronosnewupdate.pages.dev/
Last updated: 2026-03-19