# f-a-g-trust.pages.dev — SUSPICIOUS > PhishDestroy warns that f-a-g-trust.pages.dev is a crypto drainer mimicking FA grants. VirusTotal flags 3/95 engines. ## Summary PhishDestroy identifies f-a-g-trust.pages.dev as an active crypto drainer deployed under Cloudflare Pages, targeting unwary crypto users with fraudulent grant-themed lures. This domain resolves to Cloudflare IP 188.114.96.3 and leverages a Google Trust Services SSL certificate to appear legitimate, but its infrastructure is directly linked to crypto theft operations. Security telemetry confirms 3 out of 95 VirusTotal vendors have already flagged this page, with additional detection evidence from sandbox analyses indicating malicious JavaScript injection designed to drain wallet assets upon user interaction. Technical indicators and historical context support an elevated risk classification. The domain is hosted on Cloudflare Pages, a common service abused for phishing due to its legitimate appearance and rapid deployment capabilities. While registration metadata is obscured via Cloudflare’s privacy protections, the site’s active status and SSL issuance through Google Trust Services are indicative of an attempt to evade browser-based security warnings. The low but increasing detection rate on VirusTotal suggests this threat is emergent and spreading through targeted campaigns, likely distributed via social engineering or spoofed communications impersonating official grant programs. PhishDestroy’s internal blocklist has recorded multiple related domains sharing infrastructure, further validating the coordinated nature of this operation. Users who have visited this domain should immediately perform a full wallet audit and revoke any unauthorized token approvals using tools such as revoke.cash or similar blockchain security utilities. If any transaction occurred after visiting, it should be treated as compromised—users are advised to transfer remaining assets to a newly generated wallet via a clean device. Report the domain to PhishDestroy for takedown and avoid any further interaction. Always verify URLs via PhishDestroy’s real-time scanner before entering credentials or connecting wallets, especially when prompted by unsolicited messages claiming to offer crypto grants or financial incentives. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 3 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e0ee34f0-c6f2-4ff7-9096-bfcb820761a1 - PhishDestroy: https://phishdestroy.io/domain/f-a-g-trust.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/f-a-g-trust.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/f-a-g-trust.pages.dev/ Last updated: 2026-03-22