# guide-metamask.pages.dev — MALICIOUS

> guide-metamask.pages.dev is a high-risk phishing site impersonating MetaMask. Avoid interaction and report suspicious activity immediately.

## Summary

PhishDestroy identifies guide-metamask.pages.dev as a high-risk phishing domain impersonating the MetaMask brand. This type of brand impersonation is particularly dangerous as it seeks to deceive users into revealing sensitive credentials or private keys, potentially leading to significant financial loss. The domain’s malicious intent is underscored by its classification for social engineering threats.

The domain was registered through Cloudflare, Inc. on February 21, 2026, and resolved to the IP address 172.66.47.56. It has been flagged on two security blocklists and triggered Google Safe Browsing alerts. Additionally, 14 out of 95 VirusTotal security vendors have identified it as malicious. The site is currently offline, following takedown measures, and was previously detected under the title "Suspected phishing site | Cloudflare".

Users are strongly advised not to visit or interact with guide-metamask.pages.dev. If you encounter suspicious websites claiming to represent MetaMask or similar brands, verify legitimacy through official channels. Always enable multi-factor authentication and use trusted applications to safeguard your digital assets. Reporting suspected phishing attempts to security platforms like PhishDestroy can help protect the broader community.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.56
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["kenia.ns.cloudflare.com", "corey.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019af9f7-52a3-7410-b076-28d81ee8d849.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/550e88e7-eedd-49eb-93ce-435a32601611
- PhishDestroy: https://phishdestroy.io/domain/guide-metamask.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/guide-metamask.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/guide-metamask.pages.dev/
Last updated: 2026-03-19