# us-leder-live.pages.dev — SUSPICIOUS

> PhishDestroy flags us-leder-live.pages.dev as a credential theft page with 0/95 VirusTotal detections. Block this domain immediately.

## Summary
PhishDestroy identifies the domain us-leder-live.pages.dev as an active credential theft page hosted on Cloudflare Pages, currently under investigation for mimicking legitimate login portals to harvest user credentials. This domain leverages a generic naming convention combined with a trusted Cloudflare Pages subdomain to appear legitimate, suggesting an attempt to impersonate a brand or service without direct association. No specific malware kit or drainer signature has been publicly attributed to this campaign at this time.  

This domain was flagged with the following technical indicators: VirusTotal shows 0/95 detections as of the latest scan, indicating it has evaded most antivirus engines. It is registered through Cloudflare, Inc., resolving to IP address 172.66.47.111. The domain's SSL certificate is issued by Google Trust Services, increasing its perceived legitimacy. While the creation date is not provided in available intelligence, its active status and low detection rate suggest recent deployment aimed at evading early detection.  

As of this assessment, the threat level remains under investigation but is flagged as active. PhishDestroy recommends blocking access to us-leder-live.pages.dev and conducting user awareness training to prevent credential submission. The low VirusTotal score suggests this campaign is still in early stages or employs evasion techniques. Users should avoid interacting with this domain and report any suspicious login prompts immediately to their security team. Remaining risk is moderate due to the ongoing investigation and potential for expanded targeting.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.111

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a82db8ea-fc2e-4543-86b0-ca6127562d94
- PhishDestroy: https://phishdestroy.io/domain/us-leder-live.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/us-leder-live.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/us-leder-live.pages.dev/
Last updated: 2026-03-22