# locomate.my.kzproxy.dfgcloud.com — MALICIOUS

> locomate.my.kzproxy.dfgcloud.com is a high-risk phishing domain impersonating Salesforce. Stay vigilant and avoid this site to protect your credentials.

## Summary
PhishDestroy identifies locomate.my.kzproxy.dfgcloud.com as a high-risk phishing domain targeting users by mimicking a Salesforce login page. Phishing attacks like this aim to steal sensitive information such as usernames and passwords, posing significant security threats to individuals and organizations.

The domain was created recently on February 21, 2026, and resolves to IP address 85.198.90.44. It is registered through 101domain GRS Limited and currently appears on one security blocklist. VirusTotal data shows that 15 out of 95 security vendors flag this domain, reflecting strong consensus on its malicious nature. The domain has been taken offline, reducing immediate risk but remaining a relevant case for awareness.

Users are strongly advised to avoid interacting with this domain or entering any credentials. If you believe you have engaged with this phishing site, immediately change your related passwords and enable multifactor authentication where possible. Always verify URLs carefully before login and report suspicious domains to help mitigate phishing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 502)
- Page title: Login | Salesforce

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: 101domain GRS Limited
- Country: IE
- IP: 85.198.90.44
- IP Country: KZ
- IP City: Almaty
- IP Org: AS57008 ITGLOBAL.COM KZ LLP
- Nameservers: ["irena.ns.cloudflare.com", "vasilii.ns.cloudflare.com"]
- SSL Issuer: Let's Encrypt / E7

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "Cluster25", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Kaspersky", "Lionic", "MalwareURL", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c7221-b808-772b-8c2c-597dd7a5b00e.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/8ee43f5e-e778-423f-a7a2-a939b2a4a5c3
- PhishDestroy: https://phishdestroy.io/domain/locomate.my.kzproxy.dfgcloud.com/
- LLM endpoint: https://phishdestroy.io/domain/locomate.my.kzproxy.dfgcloud.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/locomate.my.kzproxy.dfgcloud.com/
Last updated: 2026-03-19