# bloxytools.cc — SUSPICIOUS

> PhishDestroy identifies bloxytools.cc as a live credential theft page. 0/95 VirusTotal detections reported as of Apr 03 2026. Block immediately.

## Summary
PhishDestroy’s automated pipeline flagged the domain bloxytools.cc on April 03, 2026, as an active credential-theft endpoint. This newly registered domain (creation date: April 03, 2026) mirrors the branding of a popular development tool suite to harvest user credentials and session tokens. No evidence of a crypto-drainer kit or brand-specific impersonation page has been observed; instead, the page appears designed to harvest login details for subsequent account takeover.  

Technical indicators confirm this is a low-profile but active threat. VirusTotal currently shows 0 detections out of 95 engines, indicating the page remains under the radar. The domain is registered through CNOBIN INFORMATION TECHNOLOGY LIMITED, resolving to IP 188.114.96.3. A Let’s Encrypt SSL certificate is in place, likely to increase user trust. Google Safe Browsing has not yet blacklisted the domain, and third-party blocklists have registered zero detections at the time of writing.  

The domain is classified as active and under investigation, with PhishDestroy’s threat intelligence team conducting deeper behavioral analysis. Users should block both the domain and IP immediately via firewall rules or DNS sinkholing. Given the absence of current AV coverage and the recent registration date, the risk of successful compromise remains MEDIUM until a remediation signature is widely deployed. Organizations are advised to invalidate any credentials entered on bloxytools.cc and to audit related accounts for suspicious activity.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-03 13:19:26
- Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/bloxytools.cc
- PhishDestroy: https://phishdestroy.io/domain/bloxytools.cc/
- LLM endpoint: https://phishdestroy.io/domain/bloxytools.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bloxytools.cc/
Last updated: 2026-04-06