# metamask-chorme-extantion.pages.dev — MALICIOUS

> High-risk phishing domain metamask-chorme-extantion.pages.dev impersonates MetaMask. Currently offline after multiple security flags. Avoid interaction.

## Summary
PhishDestroy identifies metamask-chorme-extantion.pages.dev as a high-risk brand impersonation phishing domain targeting MetaMask users. The domain’s primary threat is social engineering designed to deceive victims into compromising their digital assets or credentials by mimicking the look and feel of MetaMask.

This domain was created recently on February 21, 2026, and was registered via Cloudflare, Inc., an infrastructure provider often abused by threat actors for rapid deployment and anonymity. It resolved to IP 172.66.45.46 and was flagged by Google Safe Browsing under the SOCIAL_ENGINEERING category. Additionally, it appeared on two security blocklists and was detected by 14 out of 95 security vendors on VirusTotal. The page title found during investigation was “Suspected phishing site | Cloudflare,” indicating active takedown efforts.

Currently, metamask-chorme-extantion.pages.dev is offline, reflecting successful mitigation actions. Users should avoid visiting this domain or interacting with any related links or communications. PhishDestroy advises users to remain vigilant for lookalike URLs and to verify official MetaMask sources directly. Organizations should ensure endpoint protection and web filtering solutions are updated to block this domain and similar phishing infrastructure.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.46
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["betty.ns.cloudflare.com", "noah.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a1d5a-8f1e-750f-9ec6-9219f8656249.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/ee75701f-be05-4587-9b6a-d2a698d7c499
- PhishDestroy: https://phishdestroy.io/domain/metamask-chorme-extantion.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/metamask-chorme-extantion.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/metamask-chorme-extantion.pages.dev/
Last updated: 2026-03-19