# leedzzr-live.pages.dev — SUSPICIOUS

> leedzzr-live.pages.dev hosts a live credential theft portal. This Cloudflare Pages site poses as a legitimate service to harvest user login details.

## Summary
PhishDestroy identifies leedzzr-live.pages.dev as a credential theft portal impersonating a legitimate service. The domain is currently active and remains under investigation for malicious activity. This site leverages Cloudflare Pages to obfuscate its infrastructure while posing as a trustworthy platform to deceive users into submitting sensitive credentials.  

This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating it has not yet been widely recognized as malicious. It is registered through Cloudflare, Inc., resolves to IP 172.66.44.193, and operates under the unique seed identifier 287fc9. The lack of detections and Cloudflare’s anonymizing infrastructure suggest this threat is either newly deployed or employs evasion techniques to avoid detection. Further analysis is required to determine the full scope of its operations, including associated blocklist counts and trust scores.  

Due to the active status of leedzzr-live.pages.dev and its potential to harvest user credentials, PhishDestroy recommends users avoid interacting with this domain entirely. If this site has been accessed or credentials have been entered, immediately change passwords for the affected service and enable multi-factor authentication where possible. Report the domain to relevant cybersecurity authorities to aid in its takedown. Monitor financial accounts for suspicious activity if credentials were submitted. This threat remains high-risk until further intelligence is gathered and definitive action is taken.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.193

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- PhishDestroy: https://phishdestroy.io/domain/leedzzr-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/leedzzr-live.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/leedzzr-live.pages.dev/
Last updated: 2026-03-26