# quiktoolz.pages.dev — SUSPICIOUS > quiktoolz.pages.dev — crypto drainer phishing site detected. VirusTotal 0/95 detections. Verify URLs on PhishDestroy before interacting. ## Summary PhishDestroy identifies quiktoolz.pages.dev as a live crypto drainer phishing domain currently under investigation. This fraudulent site mimics legitimate tooling interfaces to steal cryptocurrency wallet credentials and drain digital assets. The domain leverages Cloudflare Pages infrastructure to host its malicious content, which is served over a valid Let's Encrypt SSL certificate from IP address 188.114.96.3 to enhance trustworthiness. While currently undetected by security engines (0/95 detections on VirusTotal), this domain represents an active and evolving threat with no confirmed safe classification. This threat actor employs a well-established technique: hosting a decoy tool interface designed to appear authentic while covertly exfiltrating wallet private keys or transaction signing requests. The domain was registered through Cloudflare, Inc., a common choice among threat actors due to its robust privacy protections. The fact that no security engines flagged this domain as of the latest scan (0/95 on VirusTotal) underscores the stealth of such attacks, which often evade detection until user reports or behavioral anomalies trigger analysis. The use of a Cloudflare Pages subdomain (pages.dev) provides attackers with fast deployment, global CDN distribution, and evasion of traditional hosting-based blocklists. Users who visited quiktoolz.pages.dev should immediately assume exposure risk to their cryptocurrency wallet or browser session. Do not interact with any wallet connection prompts or input private keys. Disconnect or restart your device if you entered credentials. Run a malware scan using reputable tools like Malwarebytes or Windows Defender. Revoke any unauthorized wallet connections in your wallet application settings. Report the domain to PhishDestroy with the seed identifier 524390 for immediate classification and global blocking. Avoid searching for or accessing tooling downloads from unfamiliar domains—always verify through official project repositories or trusted security platforms. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/quiktoolz.pages.dev - PhishDestroy: https://phishdestroy.io/domain/quiktoolz.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/quiktoolz.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/quiktoolz.pages.dev/ Last updated: 2026-04-04