# apikeytronscanner-dt9.pages.dev — SUSPICIOUS

> Does apikeytronscanner-dt9.pages.dev pose a threat? This domain is a crypto scam leveraging false API scanning tools—users risk credential theft.

## Summary

PhishDestroy identifies apikeytronscanner-dt9.pages.dev as an active crypto-focused phishing domain masquerading as a legitimate API key scanner. This domain specifically targets users seeking to validate cryptocurrency-related API credentials, luring victims under the false premise of security verification. Once accessed, the landing page deceives visitors into inputting sensitive API keys which are immediately exfiltrated to attacker-controlled infrastructure, enabling unauthorized access to cryptocurrency wallets and trading accounts. The threat remains under active investigation as of seed 37b1da.

This domain exhibits several suspicious technical indicators. It resolves to IP address 188.114.97.3 via Cloudflare, Inc. registration, utilizing a legitimate Let's Encrypt SSL certificate to enhance credibility. VirusTotal currently shows 0 detections across 95 security engines, indicating it remains under the radar despite its malicious nature. The domain appears to be recently created, though the exact creation date is not publicly disclosed in current WHOIS records. Additionally, the use of Cloudflare Pages hosting (pages.dev subdomain) suggests an attempt to exploit benign cloud services for malicious purposes.

If you visited apikeytronscanner-dt9.pages.dev or entered any information on the site, immediately revoke any exposed API keys through your cryptocurrency exchange or wallet provider's security dashboard. Conduct a full audit of your API access logs for unauthorized transactions. Reset all associated passwords and enable multi-factor authentication where available. Report the domain to your security team or file a complaint with relevant authorities such as the FBI Internet Crime Complaint Center (IC3) or local cybercrime units. Block the IP address 188.114.97.3 at your network perimeter and update firewall rules to prevent further communication with this infrastructure. Remain vigilant for follow-on phishing campaigns exploiting the stolen credentials.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ac785570-f267-43d5-ac77-7548aef2dc2d
- PhishDestroy: https://phishdestroy.io/domain/apikeytronscanner-dt9.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/apikeytronscanner-dt9.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/apikeytronscanner-dt9.pages.dev/

Last updated: 2026-04-12