# app-trust.pages.dev — SUSPICIOUS

> PhishDestroy flags app-trust.pages.dev as a crypto drainer mimicking trusted brands. 1 of 95 VirusTotal engines detect this active threat.

## Summary
PhishDestroy classifies app-trust.pages.dev as an 'elevated'-risk domain running a fake-login operation or crypto-asset drainer. This subdomain under pages.dev pretends to offer trustworthy authentication while covertly siphoning digital assets. Because it leverages HTTPS and Google’s Trust Services certificate, novice users may believe the site is legitimate, yet threat telemetry reveals counterfeit login portals that harvest private keys, wallet seeds, or exchange credentials. Anyone encountering this URL should treat it as hostile and avoid any interaction.  PhishDestroy’s ingestion pipeline confirms app-trust.pages.dev resolves to 172.66.44.58 and is registered through Cloudflare, Inc. The domain scored a 1 / 95 detection ratio on VirusTotal at the time of ingestion, meaning only one security vendor flagged the asset while 94 others remained unaware. The pages.dev zone itself offers no inherent trust guarantees; it is merely a free, fast-hosting layer that threat actors abuse for disposable phishing infrastructures. Historical telemetry indicates this domain was created recently and remains active, suggesting rapid turnover to evade blocklists. Despite the reassuring Google Trust Services OV certificate, the mismatch between branding (“app-trust”) and the ephemeral pages.dev origin should trigger immediate scrutiny.  Mitigation is straightforward: never enter private keys, wallet seeds, or exchange passwords on app-trust.pages.dev. Treat any prompt for crypto-asset transfers as hostile, even if the interface mimics a known wallet or exchange branded page. Users should immediately revoke any credentials that may have been exposed and scan connected wallets for unauthorized transactions. Blocklists should be updated with the IP 172.66.44.58 and the domain itself to prevent repeat visits. If you must verify a site hosting crypto services, perform an independent lookup of official URLs via a non-suspicious browser session rather than following links from unsolicited messages or social media posts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.58

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cb0243ca-949f-4fc6-b68a-629135b80ae5
- PhishDestroy: https://phishdestroy.io/domain/app-trust.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/app-trust.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/app-trust.pages.dev/
Last updated: 2026-03-23