# ledgar-livec-login.pages.dev — MALICIOUS

> PhishDestroy warns that ledgar-livec-login.pages.dev is a fake login impersonating Ledge services and hosted by Cloudflare.

## Summary
PhishDestroy identifies ledgar-livec-login.pages.dev as an active credential phishing page that mimics a LiveCash or Ledger login portal to trick visitors into surrendering crypto wallet seed phrases or private keys. The look-alike domain (pages.dev subdomain) is designed to appear legitimate at a glance, but it is not operated by any official Ledger, LiveCash, or Ledge service. Once credentials or recovery phrases are entered, the phishing kit immediately transmits the data to attacker-controlled servers while presenting a fake error or redirecting to a legitimate site to avoid suspicion. Users who reuse passwords or store sensitive recovery phrases in browser profiles are most at risk of drained wallets or compromised accounts.


This domain was flagged after 11 of 95 VirusTotal security vendors detected malicious content, and it resolves to IP address 188.114.96.3 which is operated by Cloudflare, Inc. as a Pages worker environment. The SSL certificate is issued by Google Trust Services, giving the page a misleading padlock icon that increases trust. The subdomain was created to leverage the trusted pages.dev namespace so that automated scanners focusing on newly observed domains miss the threat until signatures catch up.


If you visited ledgar-livec-login.pages.dev, assume your credentials or recovery phrases may have been exposed. Immediately disconnect from the internet, scan your device with an up-to-date antivirus or anti-malware tool, and revoke any app permissions granted to unknown sites. Do NOT log in again. Rotate passwords on other accounts using unique credentials, and if you entered a crypto wallet recovery phrase, transfer remaining assets to a brand-new wallet created on a clean, offline device. Report the domain to PhishDestroy and your local CERT team so the page can be blocked for others.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 11 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e38086e4-cbbd-47d9-80ca-47fd02c8e503
- PhishDestroy: https://phishdestroy.io/domain/ledgar-livec-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledgar-livec-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgar-livec-login.pages.dev/
Last updated: 2026-03-22