# rfkttrr.pages.dev — SUSPICIOUS

> rfkttrr.pages.dev is a crypto-draining phishing site detected by 1/95 VirusTotal scanners. Do not interact; verify on PhishDestroy before clicking any links.

## Summary
PhishDestroy identifies rfkttrr.pages.dev as an active crypto-draining phishing domain posing an elevated risk to visitors. This site is designed to trick users into connecting crypto wallets under false pretenses, allowing attackers to drain funds directly. The domain appears to impersonate legitimate services by leveraging Cloudflare’s Pages hosting infrastructure, which is commonly abused for short-lived malicious campaigns.  This domain was flagged by VirusTotal with only 1 out of 95 security vendors detecting it, indicating low visibility in automated scans. The domain resolves to IP 188.114.96.3 and is registered through Cloudflare, Inc., which provides anonymity and rapid deployment capabilities often exploited by threat actors. Additionally, it holds a valid SSL certificate issued by Google Trust Services, adding a false sense of legitimacy. The domain has already been blocked by ScamSniffer and appears on one public blocklist, suggesting prior reports of abuse.  If you have visited rfkttrr.pages.dev, immediately disconnect your wallet and revoke any unauthorized permissions using tools like revoke.cash or wallet-specific security features. Do not enter credentials or connect any wallets on this domain. Run a malware scan on your device and change passwords for accounts exposed during the visit. Report the domain to PhishDestroy and your organization’s SOC if applicable to help block further abuse. Always verify URLs and use bookmarks for critical sites to avoid falling victim to impersonation schemes.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["ScamSniffer"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/300b45e3-1d82-4cd3-bfbe-9c20dd860a73
- PhishDestroy: https://phishdestroy.io/domain/rfkttrr.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/rfkttrr.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rfkttrr.pages.dev/
Last updated: 2026-03-22