# suport-ledgerrliv-cdn.pages.dev — SUSPICIOUS

> Investigating crypto drainer suport-ledgerrliv-cdn.pages.dev, a phishing site detected by 1/95 VirusTotal scanners. Review the full report immediately.

## Summary

PhishDestroy identifies suport-ledgerrliv-cdn.pages.dev as an active crypto drainer operation leveraging deceptive Cloudflare Pages infrastructure to harvest cryptocurrency wallet credentials and tokens. The domain mimics legitimate cryptocurrency support pages to trick users into connecting their wallets, where malicious JavaScript exfiltrates private keys and initiates unauthorized transfers. Threat actors registered this domain through Cloudflare, Inc. and serve it with Google Trust Services SSL certificates, adding a veneer of legitimacy while facilitating credential theft and asset drainage.

This domain resolves to IP 172.66.46.249 and exhibits elevated risk characteristics, with VirusTotal reporting only 1 out of 95 security vendors detecting the malicious nature at the time of analysis. Such low detection rates indicate this threat may be bypassing traditional security controls, likely due to its use of reputable hosting and SSL infrastructure. The combination of Cloudflare's Pages service, Google's certificate authority, and minimal signature coverage makes this a sophisticated and stealthy operation targeting cryptocurrency users.

Users who may have visited suport-ledgerrliv-cdn.pages.dev should immediately disconnect their wallets, revoke any connected permissions, and transfer remaining assets to a newly generated wallet with updated security measures. Enable multifactor authentication on all exchange and wallet accounts, and consider implementing hardware security modules for critical holdings. Report any unauthorized transactions to relevant blockchain forensic services and file incident reports with your organization's security team if corporate or institutional accounts were exposed. Monitor wallet addresses and transaction histories closely for signs of compromise, as crypto drainer operations often maintain persistence through token approvals and signed messages.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.46.249

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/31e19c22-e293-4c84-b654-b1aa9f44debb
- PhishDestroy: https://phishdestroy.io/domain/suport-ledgerrliv-cdn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/suport-ledgerrliv-cdn.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/suport-ledgerrliv-cdn.pages.dev/

Last updated: 2026-04-01