# begin-doc-mmetamsk-omg.pages.dev — MALICIOUS

> begin-doc-mmetamsk-omg.pages.dev is a high-risk phishing site now offline. Learn how it operated and steps to protect yourself from similar threats.

## Summary
PhishDestroy identifies begin-doc-mmetamsk-omg.pages.dev as a high-risk phishing domain that was recently taken offline. This site posed a significant danger by attempting to deceive users into revealing sensitive information such as login credentials or financial data through fraudulent means.

The phishing attack typically worked by mimicking legitimate websites or services to lure victims into submitting personal information. This domain was registered through Cloudflare and appeared on multiple security blocklists, with 13 out of 95 security vendors flagging it on VirusTotal. The site resolved to an IP address commonly associated with hosting suspicious content, demonstrating clear intent to exploit unsuspecting users.

If you visited this domain, it is crucial to immediately change any passwords you may have entered and monitor your accounts for suspicious activity. Users should also run a comprehensive antivirus scan and remain vigilant against similar phishing attempts. PhishDestroy recommends avoiding any interaction with suspicious links and verifying website authenticity before sharing personal data.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.135
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["rayne.ns.cloudflare.com", "nikon.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019adde2-3c07-73e3-84a3-79d1c06705bc.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/d316d979-9c9c-4381-a542-022505466f5e
- PhishDestroy: https://phishdestroy.io/domain/begin-doc-mmetamsk-omg.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/begin-doc-mmetamsk-omg.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/begin-doc-mmetamsk-omg.pages.dev/
Last updated: 2026-03-19