# webmaskport.pages.dev — MALICIOUS

> PhishDestroy identifies webmaskport.pages.dev as a credential theft domain flagged by 13 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies the actively malicious domain webmaskport.pages.dev as a credential theft endpoint engaged in generic phishing operations. This domain is currently live and poses an elevated risk to unsuspecting users, with confirmed malicious infrastructure and detection across multiple security platforms.  webmaskport.pages.dev was flagged by 13 of 95 VirusTotal vendors, resolving to IP address 172.66.47.92 through Cloudflare, Inc. as registrar. The domain utilizes a Let's Encrypt SSL certificate, indicating a false appearance of legitimacy. While specific creation date and blocklist counts were not disclosed in available intelligence, the domain's detection profile and infrastructure alignment suggest recent deployment targeting credential harvesting operations. Trust scores across security vendors remain critically low, reinforcing its malicious classification.  As of the latest assessment, webmaskport.pages.dev remains active and operational. PhishDestroy strongly advises immediate network and endpoint blocking of this domain and its associated IP (172.66.47.92). Users should avoid interaction with any links or content originating from this domain to prevent credential theft or further compromise. Security teams are urged to update firewall rules, DNS sinkholes, and endpoint protection lists. If exposure has occurred, initiate incident response protocols including credential rotation and forensic investigation. Monitor for associated indicators of compromise (IOCs) due to potential lateral movement risks.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.92

## Detection Status
- VirusTotal: 13 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/66abc7a1-b223-4865-979e-c8362b04d4ea
- PhishDestroy: https://phishdestroy.io/domain/webmaskport.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/webmaskport.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/webmaskport.pages.dev/
Last updated: 2026-03-28