# ldgrliv-desk.pages.dev — SUSPICIOUS > PhishDestroy identifies ldgrliv-desk.pages.dev as a crypto drainer phishing domain with 0/95 VirusTotal detections. ## Summary PhishDestroy has flagged ldgrliv-desk.pages.dev for active phishing activity targeting cryptocurrency users. The domain is currently under investigation for facilitating crypto drainer operations, a specific threat type designed to silently siphon digital assets by tricking users into connecting wallets or entering seed phrases. The risk level remains classified as under_investigation due to ongoing analysis, but the presence of a crypto drainer toolkit significantly elevates the threat to end-users, particularly those transacting in crypto or storing assets in connected wallets. The domain resolves to IP address 172.66.47.54, a Cloudflare-hosted endpoint, and operates under an SSL certificate issued by Google Trust Services, which may lend an air of legitimacy but does not guarantee safety. As of the latest scan, VirusTotal reports 0 detections out of 95 engines, indicating this domain has not yet been widely blacklisted despite its malicious intent. This domain was registered through Cloudflare, Inc., leveraging the provider’s infrastructure to obscure hosting origins and complicate takedown efforts. The IP 172.66.47.54 is part of Cloudflare’s known proxy network, often used by threat actors to mask true hosting locations and evade detection. While the SSL certificate from Google Trust Services may suggest a basic level of trustworthiness to casual observers, it is a standard offering and does not imply endorsement or security certification for the hosted content. The domain is hosted on Cloudflare Pages, a legitimate platform for static site hosting, further complicating immediate identification as malicious due to the use of a reputable service. With no current entries in major threat intelligence feeds or blocklists, this domain remains a low-profile but active threat vector. To mitigate risks associated with crypto drainer phishing, users must exercise extreme caution when interacting with unsolicited links, especially those related to crypto transactions or wallet connections. Never connect your wallet or enter seed phrases on unfamiliar domains, even if they appear legitimate at first glance. Block the domain at the network level using DNS filtering tools, and report the domain to your browser’s security team or platforms like Google Safe Browsing and PhishDestroy. Organizations should deploy endpoint protection solutions that monitor for crypto drainer behavior, such as wallet connection prompts or clipboard hijacking attempts. Additionally, educate crypto users on verifying domain legitimacy through official channels and avoiding crypto-related transactions outside of trusted platforms. Immediate action is critical to prevent asset loss. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.54 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/19b2e718-ce12-43b6-b6f5-2acdd8480860 - PhishDestroy: https://phishdestroy.io/domain/ldgrliv-desk.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/ldgrliv-desk.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ldgrliv-desk.pages.dev/ Last updated: 2026-03-26