# en-us-metamask-docs.pages.dev — MALICIOUS

> en-us-metamask-docs.pages.dev impersonates MetaMask in a high-risk phishing scam. Stay alert and avoid this domain to protect your credentials.

## Summary
PhishDestroy has detected that the domain en-us-metamask-docs.pages.dev poses a significant threat by impersonating the popular cryptocurrency wallet MetaMask. This type of deception is designed to trick users into believing they are interacting with a legitimate service, which can lead to the theft of sensitive information such as login credentials or private keys.

This phishing site was created on February 21, 2026, and registered through Cloudflare, Inc. It mimics MetaMask’s branding and documentation to lure unsuspecting victims. The domain was flagged on multiple security blocklists and identified by Google Safe Browsing under social engineering threats. VirusTotal scans show that 13 out of 95 security vendors consider this site malicious. The site has since been taken offline, but users should remain vigilant against similar tactics.

If you have visited en-us-metamask-docs.pages.dev, it is crucial to immediately review your MetaMask account for any unauthorized activity. Change your passwords and enable two-factor authentication where possible. Additionally, avoid clicking on suspicious links and verify URLs carefully before entering personal data. Reporting such domains to cybersecurity services can help protect others from falling victim to these scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.140
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["indie.ns.cloudflare.com", "josh.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019aeb7d-e2fc-74d0-a7ec-ff4952ab1092.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/58dfda54-9690-457a-8186-d4f04e7a6078
- PhishDestroy: https://phishdestroy.io/domain/en-us-metamask-docs.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-us-metamask-docs.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en-us-metamask-docs.pages.dev/
Last updated: 2026-03-19