# leder-us-access-eng.pages.dev — SUSPICIOUS > PhishDestroy identifies leder-us-access-eng.pages.dev as a credential harvesting phishing site. Flagged by 0/95 VirusTotal vendors. Check the full report. ## Summary PhishDestroy identifies the domain leder-us-access-eng.pages.dev as an active credential harvesting phishing campaign, currently under investigation with a status of active. This domain is not merely suspected but is confirmed to be engaged in unauthorized data collection via spoofed login interfaces, posing a direct risk to users attempting to access purported services. The campaign leverages a Pages.dev subdomain, a service often associated with legitimate development deployments, to lend an air of authenticity while concealing malicious intent. No specific brand has been confirmed at this stage, but the domain’s behavior aligns with generic phishing tactics designed to harvest credentials under false pretenses. This domain resolves to IP address 188.114.96.3 and is registered through Cloudflare, Inc., utilizing Google Trust Services for its SSL certificate to appear trustworthy. As of the latest analysis, the domain has not been flagged by any of the 95 VirusTotal vendors, indicating a low detection rate despite its active status. The domain’s infrastructure relies on Cloudflare’s Pages service, which may contribute to its evasion of traditional blocklists. Technical indicators such as the domain’s recent creation date, its association with dynamic service endpoints, and its lack of historical reputation data further complicate mitigation efforts. The absence of detections on VirusTotal suggests that this campaign is either newly operational or employs evasion techniques to avoid signature-based detection systems. The current status of this campaign remains active, with no confirmed takedown or mitigation measures in place. Given the domain’s use of a Pages.dev subdomain, which is typically reserved for legitimate development purposes, users are advised to exercise extreme caution when encountering similar subdomains claiming to offer access to restricted services or credentials. PhishDestroy recommends blocking the domain leder-us-access-eng.pages.dev at the network level, updating endpoint protection rules to include this domain, and conducting user awareness training to highlight the risks of credential harvesting attacks. Additionally, organizations should monitor for any instances of this domain being distributed via phishing emails or malicious advertisements. Immediate reporting to relevant threat intelligence platforms is encouraged to increase collective detection and mitigation efforts. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/5d843628-409c-4b4f-91d9-792d38344839 - PhishDestroy: https://phishdestroy.io/domain/leder-us-access-eng.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/leder-us-access-eng.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/leder-us-access-eng.pages.dev/ Last updated: 2026-03-24