# us-live-leder.pages.dev — SUSPICIOUS

> us-live-leder.pages.dev poses as a fake Netflix login page to steal credentials. Hosted on Cloudflare, this active scam has 0/95 VirusTotal detections as of.

## Summary

PhishDestroy identifies us-live-leder.pages.dev as a Netflix credential phishing domain currently active and under investigation. This domain mimics legitimate streaming service login pages to harvest user credentials for financial fraud and account takeovers.

This domain was flagged as a generic phishing site (active) with 0 out of 95 VirusTotal detections. It is registered through Cloudflare, Inc., resolves to IP 172.66.47.189, and holds a Google Trust Services SSL certificate. The unique seed cc1c17 confirms this is a newly tracked threat with no current blocklist presence.

Mitigation requires users to avoid interacting with this domain entirely. If credentials were entered, immediately reset passwords on Netflix and enable two-factor authentication. Report the domain to Netflix phishing teams and update browser blocklists. This threat highlights the importance of verifying URLs before login attempts, especially those hosted on unexpected domains like .pages.dev.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: Cloudflare, Inc.
- IP: 172.66.47.189

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0cc92d49-3eef-4593-906f-59b215109d41
- PhishDestroy: https://phishdestroy.io/domain/us-live-leder.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/us-live-leder.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/us-live-leder.pages.dev/
Last updated: 2026-04-11