# apkcraft.pages.dev — SUSPICIOUS > apkcraft.pages.dev poses as a legitimate APK download site but distributes malicious Android apps. VirusTotal flags it at 0/95. Avoid downloads immediately. ## Summary PhishDestroy identifies apkcraft.pages.dev as an active generic phishing domain hosting counterfeit APK files under the guise of legitimate Android applications. This domain is currently classified as under_investigation with a risk level pending further analysis. The threat involves luring users into downloading malicious APKs that may exfiltrate data, install malware, or compromise devices. Android users are specifically targeted, as the domain mimics a repository for modified or cracked apps, a common tactic in mobile malware campaigns. This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating it remains undetected by most antivirus engines despite its malicious intent. The domain is registered through Cloudflare, Inc. and resolves to IP address 172.66.47.198, which is associated with Google Trust Services SSL certificates. The domain is hosted on a Cloudflare Workers subdomain (pages.dev), a legitimate service often abused by threat actors to host phishing pages due to its low barrier to entry and evasion of traditional hosting takedowns. While the SSL certificate itself is valid, it does not validate the legitimacy of the content served, a common tactic to mislead users into trusting the site. Historical data suggests this domain may have been recently registered, though the exact creation date is not disclosed in the available intelligence. The lack of detections on VirusTotal, combined with the use of Google’s infrastructure, highlights the sophistication of this phishing operation and the challenges in early detection. As of this report, apkcraft.pages.dev remains active and poses a significant risk to users seeking APK files outside official app stores. The domain’s current status is active, with no known takedown efforts at this time. Users are strongly advised to avoid downloading any files from this domain, as the APKs may contain spyware, ransomware, or banking trojans. Android devices should be scanned with reputable mobile security software, and users should only download APKs from verified sources like the Google Play Store. Network administrators are recommended to block the domain at the DNS level and monitor outbound traffic to IP 172.66.47.198. Additionally, users who may have interacted with this domain should perform a factory reset on their devices if any suspicious activity is detected and revoke any unnecessary app permissions. Reporting this domain to cybersecurity platforms and local authorities can aid in its eventual takedown. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.198 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/apkcraft.pages.dev - PhishDestroy: https://phishdestroy.io/domain/apkcraft.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/apkcraft.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/apkcraft.pages.dev/ Last updated: 2026-04-07