# lightchainode.pages.dev — SUSPICIOUS

> PhishDestroy identifies lightchainode.pages.dev as a crypto wallet phishing page with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy has flagged lightchainode.pages.dev as an active cryptocurrency wallet phishing domain designed to deceive users into entering sensitive wallet credentials. The domain mimics legitimate blockchain-related services to trick visitors into exposing private keys or mnemonic phrases, potentially leading to direct financial loss. This is not a generic phishing attempt but a targeted scam focused on cryptocurrency theft, leveraging urgency and trust-building visuals to bypass user skepticism. The infrastructure is hosted on Cloudflare Pages, adding a superficial layer of legitimacy through Google Trust Services SSL certification, which is commonly exploited in phishing campaigns to appear secure at first glance. Users interacting with this domain may unknowingly surrender access to their digital assets to malicious actors.

Technical analysis confirms this domain was registered through Cloudflare, Inc., resolving to IP address 188.114.97.3. Critically, VirusTotal currently shows 0 detections out of 95 security engines, indicating this threat has not yet been widely recognized by antivirus platforms. While SSL encryption is present via Google Trust Services, this alone does not validate the domain's authenticity—it merely secures data transmission between the victim and the attacker’s server. The use of a .pages.dev subdomain under Cloudflare Pages infrastructure is a known tactic among threat actors to quickly deploy and rotate malicious sites while maintaining low operational visibility. The absence of blocklist entries suggests this domain is newly active or has not yet been widely reported.

If you have visited lightchainode.pages.dev or entered any credentials, immediately disconnect from the internet and revoke access permissions to your cryptocurrency wallets using a separate, trusted device. Scan your system with updated antivirus software and consider rotating all wallet passwords and recovery phrases. Report the domain to your wallet provider and relevant cybercrime authorities such as the FBI IC3 or local cybersecurity units. Use caution when accessing crypto services—always verify URLs, avoid clicking links in unsolicited messages, and cross-check domains against known legitimate platforms. This domain should be treated as actively malicious and avoided entirely to prevent financial compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b96d595f-b17d-40cc-add4-c6e3fcf3c573
- PhishDestroy: https://phishdestroy.io/domain/lightchainode.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/lightchainode.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/lightchainode.pages.dev/
Last updated: 2026-03-22