# auth-legr-liv.pages.dev — MALICIOUS

> auth-legr-liv.pages.dev is a high-risk fake login site used for crypto draining. 12 of 95 security vendors flag it—verify safety on PhishDestroy.

## Summary
PhishDestroy identifies auth-legr-liv.pages.dev as a highly dangerous fake login phishing domain primarily targeting cryptocurrency users. This site aims to deceive visitors into entering sensitive login credentials, which attackers can exploit to drain crypto wallets or steal account access. Users visiting this domain risk significant financial loss due to the fraudulent nature of the site's imitation of legitimate services.

The domain auth-legr-liv.pages.dev resolves to IP address 172.66.47.169 and was registered through Cloudflare, Inc. Despite being secured by a valid SSL certificate issued by Google Trust Services, it is flagged by Google Safe Browsing under the SOCIAL_ENGINEERING category. Additionally, 12 out of 95 security vendors scanned through VirusTotal have marked it as malicious, confirming a strong consensus on its phishing nature. The domain is currently active, posing an immediate threat to unwary internet users.

If you have visited auth-legr-liv.pages.dev, it is crucial to cease any interaction immediately and avoid entering any credentials. Users should run a comprehensive scan on their devices using updated antivirus and anti-malware tools and consider changing passwords for any accounts that may have been entered. Monitoring financial accounts for unauthorized transactions is advised. Always verify suspicious sites using trusted databases like PhishDestroy before engaging, and enable two-factor authentication to enhance security against credential theft.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.169

## Detection Status
- VirusTotal: 12 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/94e05941-056c-435e-a0e5-860c699e0b88
- PhishDestroy: https://phishdestroy.io/domain/auth-legr-liv.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/auth-legr-liv.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/auth-legr-liv.pages.dev/
Last updated: 2026-03-25