# tkgthn.cfhostname11.cloud — SUSPICIOUS

> tkgthn.cfhostname11.cloud is a live phishing domain serving a generic credential harvester since June 12, 2025. The domain resolves to 104.18.14.

## Summary

PhishDestroy identifies tkgthn.cfhostname11.cloud as an active phishing domain that was registered on June 12, 2025 through Gname.com Pte. Ltd. and currently resolves to IP 104.18.14.115. VirusTotal shows zero detections across 95 scanning engines, indicating the page is still under the radar. The domain was flagged for hosting a generic phishing page designed to harvest user credentials under an unverified SSL certificate issued by Google Trust Services. No specific brand impersonation or drainer kit artifacts are present in the available telemetry.

Technical indicators confirm the domain's recent creation (June 12, 2025), a VirusTotal score of 0/95 detections, registration via Gname.com Pte. Ltd., resolution to IP 104.18.14.115, and issuance of an SSL certificate by Google Trust Services. Google Safe Browsing (GSB) has not yet blacklisted the domain, and no blocklist hits were recorded at the time of analysis. The domain's age and lack of detections suggest it may be part of a newly deployed campaign still gaining traction.

The domain remains active and poses a moderate but evolving risk due to its low detection footprint and active SSL certificate. Immediate actions include adding the domain and its resolving IP to blocklists, flagging the SSL certificate for revocation, and updating network defense rules to block inbound and outbound traffic. Users should avoid interacting with the domain and report any sightings via their organization's incident response channels.

Remaining risk is classified as under_investigation due to the lack of historical telemetry and the potential for additional payloads to be introduced. Security teams are advised to monitor for lateral movement and credential theft patterns associated with this domain.
## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-06-12 02:19:14
- Registrar: Gname.com Pte. Ltd.
- IP: 104.18.14.115

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a90a77c6-22ad-4bae-97cc-daa6b9416490
- PhishDestroy: https://phishdestroy.io/domain/tkgthn.cfhostname11.cloud/
- LLM endpoint: https://phishdestroy.io/domain/tkgthn.cfhostname11.cloud/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/tkgthn.cfhostname11.cloud/

Last updated: 2026-03-24