# kjacktest.pages.dev — SUSPICIOUS > kjacktest.pages.dev is a crypto drainer impersonating a trusted brand with 0/95 VirusTotal detections. Avoid this active scam immediately. ## Summary PhishDestroy identifies kjacktest.pages.dev as a high-risk crypto drainer actively impersonating a legitimate service to steal cryptocurrency assets. This Pages.dev-hosted domain leverages Cloudflare's infrastructure to obscure its origin while deploying a sophisticated drainer script designed to siphon funds from unsuspecting users' wallets during fraudulent transactions. The attackers have carefully crafted the interface to mirror that of a well-known crypto platform, tricking visitors into connecting their wallets under false pretenses of verification or reward claims. Technical analysis reveals obfuscated JavaScript payloads that execute malicious wallet connection requests, with the drainer configured to target popular networks like Ethereum and Polygon where asset values are highest. The domain's recent creation combined with itsPages.dev subdomain (typically associated with legitimate developer activity) creates a deceptive trust signal that amplifies its effectiveness as a crypto theft vector. This domain was flagged with 0 detections out of 95 VirusTotal engines, indicating it currently evades standard signature-based detection despite its malicious payload. Registered through Cloudflare, Inc. on an unspecified date (using Cloudflare's privacy protection to mask WHOIS details), the domain resolves to IP 172.66.44.103 with a valid Google Trust Services SSL certificate that further enhances its appearance of legitimacy. Independent threat intelligence sources have begun tracking its distribution through social media phishing campaigns and malicious QR codes, though blocklist adoption remains in early stages. The combination of zero-detection status and active deployment across multiple distribution channels suggests this could become a significant threat vector if left unchecked. Users who visited kjacktest.pages.dev should immediately disconnect any wallet connections made through the site using your wallet's connection management interface. Revoke any permissions granted to unknown domains through blockchain explorers like Etherscan or Polygonscan by navigating to the 'Connected Applications' section in your wallet settings. If you connected a wallet and entered any credentials or approved transactions, immediately transfer remaining assets to a new wallet and consider your seed phrase compromised. Report this domain to your antivirus provider and file a complaint with the FBI's IC3 (if in the U.S.) or your local cybercrime unit. Monitor your transaction history for any unauthorized transfers and consider implementing hardware wallet solutions for future crypto interactions. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.103 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/5c819c71-e0ed-4c7d-ab37-cfd80689b75a - PhishDestroy: https://phishdestroy.io/domain/kjacktest.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/kjacktest.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kjacktest.pages.dev/ Last updated: 2026-03-25