# netamask--extension.pages.dev — MALICIOUS

> netamask--extension.pages.dev is identified as a high-risk phishing site. Avoid visiting to protect your data and security.

## Summary
PhishDestroy identifies netamask--extension.pages.dev as a generic phishing domain posing a high risk to users, aimed at harvesting sensitive information. The site’s title appeared as "Suspected phishing site | Cloudflare" upon initial access.
The domain was created recently on February 21, 2026, registered via Cloudflare, Inc., and resolved to IP 172.66.47.4. VirusTotal flagged it by 16 out of 95 security vendors, Google Safe Browsing lists it under social engineering, and it appears on two security blocklists. Gridinsoft trust score rates it 0 out of 100, confirming a malicious profile.
Currently, the domain status is offline, with Cloudflare having taken it down. PhishDestroy recommends users avoid the domain entirely, ensure up-to-date security software, and report any related suspicious activity.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.4
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["roman.ns.cloudflare.com", "lorna.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a3a24-ba8b-7039-a64f-c4e1b5ec00e6.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/925ff0eb-5d50-447d-aad1-9a8db079a72a
- PhishDestroy: https://phishdestroy.io/domain/netamask--extension.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/netamask--extension.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/netamask--extension.pages.dev/
Last updated: 2026-03-19