# support--live--en.pages.dev — MALICIOUS

> support--live--en.pages.dev is a crypto drainer posing as support; abused by 10/95 VirusTotal vendors. Avoid and report immediately.

## Summary
PhishDestroy identifies support--live--en.pages.dev as an active crypto-draining phishing domain masquerading as a live support portal. The site leverages a mimicry-based lure to trick users into connecting cryptocurrency wallets, enabling unauthorized fund transfers. This strain does not impersonate a specific brand but instead presents generic support-themed pages hosted on Cloudflare Workers to evade detection.


This domain resolves to IP 172.66.47.106, is registered via Cloudflare, Inc., and secured with a Google Trust Services SSL certificate. VirusTotal analysis shows a detection score of 10/95 security vendors, indicating moderate but incomplete coverage, and it remains unblocked by Google Safe Browsing. The infrastructure is hosted on Cloudflare’s edge network, a common choice among threat actors to obfuscate origin and bypass network-based defenses.


This domain remains ACTIVE as of seed 938fed. Users are advised to block support--live--en.pages.dev at DNS and network levels and avoid interacting with any wallet connection prompts originating from the site. Risk remains elevated given low but growing detection, emphasizing the need for continuous monitoring and upstream takedown requests. Users should verify support portals via official brand channels and never connect wallets to unsolicited or untrusted domains.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.106

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/27a53c8d-e7c9-4ae6-92df-b255bf724d15
- PhishDestroy: https://phishdestroy.io/domain/support--live--en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/support--live--en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/support--live--en.pages.dev/
Last updated: 2026-03-22