# fbsaver.pages.dev — SUSPICIOUS

> Domain fbsaver.pages.dev is a fake Aave brand impersonation site, flagged by 0 of 95 VirusTotal vendors. Do not interact or enter credentials.

## Summary
PhishDestroy identifies active brand impersonation on the domain fbsaver.pages.dev, which currently masquerades as the legitimate Aave protocol. This fraudulent site is classified under active investigation with a risk level marked as under_investigation. The domain specifically targets users by exploiting the trusted Aave brand to deceive visitors into connecting wallets or submitting credentials, thereby enabling crypto drainer operations or credential theft.  

This domain resolves to IP address 188.114.97.3 and was registered through Cloudflare, Inc. As of the latest scan, the domain remains undetected by security vendors, with 0 detections out of 95 VirusTotal scanners. It holds an SSL certificate issued by Google Trust Services, which may contribute to a false sense of legitimacy. No historical blocklist entries were identified at the time of analysis. The domain’s infrastructure leverages Cloudflare’s CDN, complicating direct takedown or IP-based blocking.  

Given the active status and undetected state of this domain, users are strongly advised to avoid interacting with fbsaver.pages.dev or any links associated with it. Enterprises and security teams should immediately block the domain at DNS and network levels and monitor for related infrastructure. Users should verify URLs manually, use hardware wallet verification, and report suspicious domains to their security teams or platforms like PhishDestroy. This domain should be treated as a high-risk threat until further analysis concludes.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Aave

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6cdb58b4-6437-4faa-82c0-f5620904ab51
- PhishDestroy: https://phishdestroy.io/domain/fbsaver.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/fbsaver.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/fbsaver.pages.dev/
Last updated: 2026-03-28