# lava2.pages.dev — SUSPICIOUS

> PhishDestroy identifies lava2.pages.dev as an active crypto drainer impersonating legitimate services, flagged by 1 of 95 VirusTotal vendors.

## Summary

PhishDestroy identifies lava2.pages.dev as a confirmed crypto drainer scam currently active and engaged in cryptocurrency theft operations. This domain, hosted through Cloudflare Pages, is designed to deceive users into connecting wallets and draining funds under the guise of legitimate services. The threat remains unresolved with no takedown actions observed as of current analysis.

lava2.pages.dev was flagged by 1 of 95 VirusTotal vendors, blocked by Enkrypt and ScamSniffer security solutions, and resolved to IP address 172.66.47.41. This domain was registered through Cloudflare, Inc. and appears on 2 separate security blocklists. The SSL certificate is issued by Google Trust Services, providing a false veneer of legitimacy to potential victims. No creation date was provided in available intelligence, but the domain remains active with no mitigation measures detected at this time.

Despite low detection on VirusTotal, the combination of active status, crypto drainer functionality, and dual blocklist placement indicates elevated risk to cryptocurrency users. PhishDestroy recommends immediate blocking of this domain at network and endpoint levels, user education regarding crypto wallet connection warnings, and reporting to relevant security vendors and cryptocurrency platforms. The domain's use of Cloudflare Pages infrastructure and Google-issued SSL certificates demonstrates sophisticated threat actor tactics to evade detection while maintaining operational capability. Monitor for additional domains using similar infrastructure patterns as this campaign may expand.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.41

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["Enkrypt", "ScamSniffer"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/15c0fd6b-0814-46b5-8960-7d9294a7612f
- PhishDestroy: https://phishdestroy.io/domain/lava2.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/lava2.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/lava2.pages.dev/

Last updated: 2026-03-26