# appconfigresolve.pages.dev — SUSPICIOUS > PhishDestroy identifies appconfigresolve.pages.dev as an active crypto credential theft domain with just 1/95 VirusTotal detections. ## Summary PhishDestroy has flagged appconfigresolve.pages.dev as a crypto credential theft vector leveraging brand impersonation tactics. This domain mimics legitimate configuration portals to harvest wallet credentials and private keys, posing an elevated risk to cryptocurrency users. While the domain structure suggests a configuration resolver, its primary function appears to be luring victims into submitting sensitive authentication data under false pretenses. No specific drainer kit has been publicly associated with this domain yet, but its infrastructure closely aligns with known wallet-stealing campaigns. This domain resolves to IP address 188.114.97.3 and is registered through Cloudflare, Inc., which also provides its SSL certificate via Let's Encrypt. VirusTotal currently reports only 1 out of 95 security vendors detecting this domain, indicating a low initial detection rate. Google Safe Browsing (GSB) has not flagged this domain, and no current blocklist entries were found in public threat intelligence sources. The domain's recent creation and lack of historical reputation contribute to its stealthy operation. While the registrar and CDN obscuration provide operational anonymity, the absence of GSB classification suggests it remains under the radar of major browsers. As of this advisory, appconfigresolve.pages.dev is actively resolving and serving content consistent with credential theft operations. Immediate containment is advised through DNS and IP blocking at the network perimeter. Users should avoid accessing this domain and verify any configuration-related communications through official channels. Although detection remains low, the domain's active status and infrastructure choices elevate the risk profile. Security teams are urged to monitor for lateral movement and credential reuse associated with this threat. Remaining risk is moderate due to the domain's active status and potential for continued evolution in evasion tactics. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d58cbc9d-a456-4829-9cc8-7fb714611c4b - PhishDestroy: https://phishdestroy.io/domain/appconfigresolve.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/appconfigresolve.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/appconfigresolve.pages.dev/ Last updated: 2026-03-22