# log-en-krakenlogin.pages.dev — MALICIOUS

> log-en-krakenlogin.pages.dev impersonates Kraken in a high-risk phishing attempt. Taken offline; stay alert and avoid interacting with this domain.

## Summary
PhishDestroy identifies log-en-krakenlogin.pages.dev as a high-risk brand impersonation domain targeting Kraken users. The domain is designed to mimic Kraken's login portal, posing a significant social engineering threat that could lead to credential theft and unauthorized account access. This type of phishing attack undermines user trust in legitimate services and can result in financial loss and identity compromise.

The domain was registered through Cloudflare, Inc. and was active briefly before being taken offline. It resolved to IP 172.66.47.175 and was flagged by Google Safe Browsing under social engineering concerns. Additionally, 14 out of 95 security vendors on VirusTotal identified malicious behavior, and the domain appeared on three separate security blocklists. Its creation date of February 21, 2026, suggests it was recently established, likely as part of a targeted phishing campaign. Cloudflare’s own warning page further corroborates the suspicious nature of this domain.

Users are strongly advised to avoid any interaction with log-en-krakenlogin.pages.dev and not to enter any personal or financial information on this or similar domains. Always verify URLs carefully and use official Kraken channels or trusted bookmarks when accessing financial services. Enabling multi-factor authentication on Kraken accounts and monitoring account activity can help mitigate potential harm from phishing attempts. Reporting suspicious domains to security teams and platforms like PhishDestroy aids in protecting the broader community.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Kraken
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.175
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["carmelo.ns.cloudflare.com", "monika.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c86aa-8f04-778a-883c-0bbb5d1cada8.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/08fa4697-c3a4-4b4f-a2da-2906d41269bc
- PhishDestroy: https://phishdestroy.io/domain/log-en-krakenlogin.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/log-en-krakenlogin.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/log-en-krakenlogin.pages.dev/
Last updated: 2026-03-19