# logs-krken-docs.pages.dev — MALICIOUS

> logs-krken-docs.pages.dev is a high-risk phishing domain flagged by multiple security tools. Avoid interaction; it is currently offline for safety.

## Summary
PhishDestroy identifies logs-krken-docs.pages.dev as a high-risk generic phishing domain. The domain was created recently in February 2026 and has been flagged by 16 out of 95 security vendors on VirusTotal, indicating a significant threat presence. It is associated with deceptive activities aimed at harvesting sensitive user credentials or information through fraudulent means, posing a clear risk to end users.

The domain is registered through Cloudflare, Inc., leveraging Cloudflare's infrastructure for hosting and DNS resolution. It resolves to the IP address 172.66.44.203 and is listed on three separate security blocklists, further corroborating its malicious intent. The Gridinsoft trust score rates this domain at 0/100, underscoring its untrustworthy status. The page title observed during investigation was "Suspected phishing site | Cloudflare," suggesting that protective measures are in place to warn users.

Currently, the domain is offline, likely due to takedown efforts or proactive security measures. Users and organizations are strongly advised to avoid visiting or interacting with this domain. Security teams should ensure it remains blocked within their environments and monitor for any resurgence or related phishing infrastructure. Continued vigilance is recommended to protect against similarly constructed phishing campaigns utilizing Cloudflare-hosted domains.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.203
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["karsyn.ns.cloudflare.com", "rick.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ca2a9-3fe4-71a4-8977-e6e8cac10b4b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/db74923a-52f4-4c24-9989-6610cde77619
- PhishDestroy: https://phishdestroy.io/domain/logs-krken-docs.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/logs-krken-docs.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/logs-krken-docs.pages.dev/
Last updated: 2026-03-19