# layer2-lava.pages.dev — SUSPICIOUS

> layer2-lava.pages.dev hosts a crypto drainer posing as a Layer2 bridge. Verify URLs on PhishDestroy before connecting wallets. VT score 0/95.

## Summary
PhishDestroy identifies layer2-lava.pages.dev as an active crypto drainer impersonating a Layer2 bridging service. The domain leverages a Cloudflare Pages subdomain to host a fraudulent interface designed to siphon cryptocurrency assets from unsuspecting users. This drainer kit is engineered to deceive visitors into connecting their wallets under the guise of bridging tokens across Layer2 networks, with malicious scripts silently exfiltrating funds upon authorization.  This domain exhibits several suspicious technical indicators. According to VirusTotal, it currently shows 0/95 detections despite its malicious activity, indicating delayed recognition by threat intelligence feeds. The domain was registered through Cloudflare, Inc. and resolves to IP 172.66.47.201. The SSL certificate is issued by Google Trust Services, which is commonly exploited by threat actors to lend false legitimacy to fraudulent sites. As of the investigation seed d97b4d, this domain remains unlisted on major blocklists, though its low VT score suggests imminent detection.  The current status of layer2-lava.pages.dev is active, with PhishDestroy continuing to monitor its infrastructure. No takedown action has been initiated as of this report, leaving users at risk of further exploitation. Users are strongly advised to verify any Layer2 bridging services against PhishDestroy’s database before interacting with wallet connections. Until the domain is flagged by additional security vendors or taken offline, the risk of exposure to crypto drainer attacks remains critical.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.201

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/layer2-lava.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/layer2-lava.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/layer2-lava.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/layer2-lava.pages.dev/
Last updated: 2026-04-02