# chnetyuiw3efeyughduiwqgevboifqeyd5wu-99r.pages.dev — MALICIOUS

> chnetyuiw3efeyughduiwqgevboifqeyd5wu-99r.pages.dev is a high-risk phishing domain taken offline. Stay vigilant and avoid interacting with suspicious links.

## Summary
PhishDestroy identifies chnetyuiw3efeyughduiwqgevboifqeyd5wu-99r.pages.dev as a high-risk generic phishing domain. The domain was used to deceive users into divulging sensitive information by impersonating trusted entities, posing significant risks such as credential theft and financial fraud. The threat is critical due to its potential to compromise personal and corporate security.

The domain chnetyuiw3efeyughduiwqgevboifqeyd5wu-99r.pages.dev was registered on March 03, 2026, via Cloudflare, Inc. It resolved to IP address 188.114.97.3 before being taken offline. VirusTotal flagged this domain by 14 out of 95 security vendors, and it appears on one security blocklist. The use of Cloudflare Pages infrastructure allowed the threat actors to host phishing content with relative ease and anonymity.

Users are advised to avoid clicking on links from unknown or suspicious sources, especially those resembling chnetyuiw3efeyughduiwqgevboifqeyd5wu-99r.pages.dev. Organizations should ensure their email filters and endpoint protections are updated to detect and block similar phishing attempts. Reporting suspicious domains to security authorities and using threat intelligence platforms like PhishDestroy can help mitigate ongoing phishing risks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Page title: chnetyuiw3efeyughduiwqgevboifqeyd5wu-99r.pages.dev

## Domain Intelligence
- Registered: 2026-03-03 01:00:02
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: kelly.ns.cloudflare.com lamar.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "CyRadar", "DNS8", "ESET", "Emsisoft", "Gridinsoft", "Lionic", "MalwareURL", "Netcraft", "Sophos", "Trustwave", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://i.ibb.co/Q7ZSw1VY/8be124c0fe78.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/741e8178-0f3d-4a32-bfcf-e55fc1dea415
- Wayback Machine: https://web.archive.org/web/https://chnetyuiw3efeyughduiwqgevboifqeyd5wu-99r.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/chnetyuiw3efeyughduiwqgevboifqeyd5wu-99r.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/chnetyuiw3efeyughduiwqgevboifqeyd5wu-99r.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/chnetyuiw3efeyughduiwqgevboifqeyd5wu-99r.pages.dev/
Last updated: 2026-03-19