# secur-ledgrlive-learn.pages.dev — SUSPICIOUS

> SECUR-LEDGRLIVE-LEARN.pages.dev impersonates financial platforms to steal crypto via credential theft (0/95 VirusTotal). Block immediately.

## Summary
PhishDestroy identifies active credential theft infrastructure hosted on secur-ledgrlive-learn.pages.dev, a fraudulent domain mimicking legitimate financial ledger services. The campaign employs brand impersonation techniques—specifically targeting users familiar with financial reporting platforms—to harvest login credentials and cryptocurrency wallet access. No known crypto drainer kit or JavaScript payload has been extracted from this domain at this time, suggesting a preliminary phase focused on credential acquisition.  

This domain was flagged on Cloudflare Pages via registrar Cloudflare, Inc., resolving to IP 188.114.96.3 under a Google Trust Services SSL certificate. VirusTotal reports 0/95 detection engines flagged the domain, and it remains unlisted on Google Safe Browsing as of analysis. Domain creation date is under investigation, with no known blocklist presence at this stage.  

Current status is ACTIVE with an under-investigation risk level. Immediate containment actions include domain takedown requests to Cloudflare and IP de-listing at hosting providers. Remaining risk includes potential expansion into deployable drainer scripts or lateral movement into broader financial services impersonation. Users are advised to avoid this domain, verify any financial platform URLs manually, and report credentials used on this site to the legitimate platform immediately.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c1e9e0de-600b-4ac5-b8d5-a2a531b30e72
- PhishDestroy: https://phishdestroy.io/domain/secur-ledgrlive-learn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/secur-ledgrlive-learn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/secur-ledgrlive-learn.pages.dev/
Last updated: 2026-03-23