# rpcdappsquickfix.pages.dev — SUSPICIOUS

> rpcdappsquickfix.pages.dev identified as a crypto drainer with 2/95 VirusTotal detections. This Cloudflare-hosted domain mimics legitimate apps to steal crypto.

## Summary
PhishDestroy identifies rpcdappsquickfix.pages.dev as an active crypto drainer impersonating legitimate application dashboards to facilitate unauthorized cryptocurrency transfers. This domain leverages a sophisticated UI mimicking real RPC dashboard interfaces, embedded with malicious JavaScript designed to intercept and divert wallet transactions to attacker-controlled addresses. No known affiliation with legitimate projects has been verified; domain registration and hosting infrastructure suggest a deliberate impersonation campaign targeting users expecting secure access to blockchain tools.


Technical indicators confirm elevated risk: the domain resolves to IP 172.66.47.111 and is registered through Cloudflare, Inc. As of the latest scan, 2 out of 95 VirusTotal security vendors flagged this domain with no associated malicious payloads in public sandboxes. The SSL certificate is issued by Google Trust Services (GTS), indicating valid but likely misused HTTPS enforcement to appear legitimate. Cloudflare’s rapid infrastructure deployment may delay traditional takedown measures, and domain creation date remains unverified due to Cloudflare's privacy protection. While no confirmed presence on Google Safe Browsing (GSB) or major blocklists is recorded, this reflects potential detection lag rather than safety assurance.


Currently, rpcdappsquickfix.pages.dev remains active and accessible via multiple vectors including direct links and phishing emails. Immediate response includes disabling access at DNS and network levels, blocking IP 172.66.47.111 and AS13335 (Cloudflare), and flagging all associated wallet addresses identified in transaction logs. Users should avoid accessing this domain and verify all RPC endpoints via official project websites. Residual risk remains elevated due to Cloudflare’s masking of origin servers and potential for rapid domain rotation. Continuous monitoring and proactive user education are essential to mitigate ongoing threats from this drainer campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.111

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/414e0083-2265-4b1b-b12d-9d2565f33e0a
- PhishDestroy: https://phishdestroy.io/domain/rpcdappsquickfix.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/rpcdappsquickfix.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/rpcdappsquickfix.pages.dev/
Last updated: 2026-03-22