# trustpays.icu — SUSPICIOUS

> trustpays.icu is a newly launched fake payment portal phishing site with 0/95 VirusTotal detections, mimicking legitimate services to steal banking credentials.

## Summary

trustpays.icu is an active phishing domain posing as a legitimate payment processor to trick users into entering sensitive financial information. The threat actor behind this campaign registered the domain on March 20, 2026, through PDR Ltd. d/b/a PublicDomainRegistry.com and has weaponized it with a Let's Encrypt SSL certificate to appear trustworthy. The domain resolves to IP address 84.201.4.140 and currently evades detection from all 95 security vendors on VirusTotal, indicating a low-profile but high-risk operation.

This domain specifically targets users expecting secure payment gateways by exploiting the trust associated with established financial services. The use of a recently registered domain, combined with a valid SSL certificate, suggests an attempt to bypass traditional security measures that often rely on domain age or reputation. The attacker’s choice of PDR Ltd. as the registrar, a provider known for low-friction domain registration, further lowers barriers to deployment while delaying takedown efforts. Without proactive detection, users may unknowingly submit credentials or payment details, which are then harvested for fraudulent transactions or sold on dark web markets.

If you visited trustpays.icu, immediately check your bank and payment accounts for unauthorized transactions. Do not enter any personal, login, or financial information on this site. Clear your browser cache and cookies, then run a scan with reputable antivirus software like Malwarebytes, Bitdefender, or Windows Defender. Report the domain to your email provider and financial institutions to flag potential phishing attempts. If you entered credentials, change passwords on all accounts using the same login details and enable two-factor authentication where possible. Monitor credit reports for signs of identity theft and consider freezing credit if suspicious activity is detected. Forward phishing emails to reportphishing@apwg.org and report the domain to your national cybercrime unit or IC3 at ic3.gov.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-20 10:55:06
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 84.201.4.140

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/33f0f300-be4b-4fb1-8fac-87a1669954e6
- PhishDestroy: https://phishdestroy.io/domain/trustpays.icu/
- LLM endpoint: https://phishdestroy.io/domain/trustpays.icu/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/trustpays.icu/

Last updated: 2026-03-22