# sso-kraken--login.pages.dev — MALICIOUS

> Warning: The domain sso-kraken--login.pages.dev is linked to credential phishing. Avoid interaction as it is now offline but was highly risky.

## Summary
PhishDestroy identifies sso-kraken--login.pages.dev as a high-risk credential phishing domain designed to steal user login credentials. Credential phishing remains a critical threat, enabling attackers to gain unauthorized access to sensitive accounts and personal data. Immediate awareness and caution are essential to prevent compromise.

The phishing infrastructure relied on the Cloudflare, Inc. platform, leveraging pages.dev domain services to create a convincing fake login portal. Google Safe Browsing has flagged this domain under SOCIAL_ENGINEERING, and it appeared on three separate security blocklists. VirusTotal analysis showed that 14 out of 95 security vendors detected malicious activity associated with this domain. The site was registered recently on February 21, 2026, and has since been taken offline.

Users are urged to remain vigilant and avoid interacting with suspicious links resembling login portals, especially those with unusual domain names like sso-kraken--login.pages.dev. It is recommended to verify URLs carefully, enable multi-factor authentication on accounts, and report any phishing attempts promptly. Staying informed via trusted sources like PhishDestroy can help mitigate risks posed by evolving phishing campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Kraken
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.74
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["cris.ns.cloudflare.com", "pat.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b514b-10f2-7676-9ff9-8712de545142.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f1f0bfdd-61f1-4a26-a129-9c5177afa63d
- PhishDestroy: https://phishdestroy.io/domain/sso-kraken--login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sso-kraken--login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sso-kraken--login.pages.dev/
Last updated: 2026-03-19