# get-metmskextension-auth.pages.dev — MALICIOUS

> get-metmskextension-auth.pages.dev is flagged for phishing risks. Avoid interacting with this domain and stay protected by verifying website safety first.

## Summary
PhishDestroy identifies get-metmskextension-auth.pages.dev as a high-risk generic phishing domain designed to deceive users. Such threats can lead to credential theft and financial loss, making vigilance critical.

This domain was registered recently on February 21, 2026, through Cloudflare, Inc., and resolved to IP 172.66.46.250. It appears on multiple security blocklists and is flagged by Google Safe Browsing for social engineering. VirusTotal confirms detection by several security vendors. The site is currently offline, reducing immediate risk.

Users should avoid visiting or interacting with this domain and ensure their browsers and security software are up to date. If you encounter suspicious links or prompts related to this domain, do not provide any personal information and report the incident to security authorities.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.46.250
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["plato.ns.cloudflare.com", "magnolia.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cdaa9-9c88-710d-b3db-edb8b99a9675.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/70883046-417e-4ef5-baa5-93c0bf940a42
- PhishDestroy: https://phishdestroy.io/domain/get-metmskextension-auth.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/get-metmskextension-auth.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/get-metmskextension-auth.pages.dev/
Last updated: 2026-03-19