# secuer-metamask.pages.dev — MALICIOUS

> Beware of secuer-metamask.pages.dev—this phishing domain impersonating MetaMask is flagged for social engineering and is currently offline.

## Summary
PhishDestroy identifies secuer-metamask.pages.dev as a high-risk brand impersonation domain targeting MetaMask users. This site employed deceptive tactics to trick visitors into divulging sensitive information by mimicking the authentic MetaMask platform. Its primary threat vector centers on social engineering attacks designed to harvest credentials or private keys, posing significant risks to cryptocurrency holders.

From an infrastructure standpoint, the domain resolved to IP address 172.66.44.137 and was registered through Cloudflare, Inc. Despite being relatively newly created on February 21, 2026, it quickly appeared on three separate security blocklists. Google Safe Browsing categorizes the domain under "SOCIAL_ENGINEERING," reinforcing its malicious intent. VirusTotal analysis revealed detection from 17 out of 95 security vendors, while Gridinsoft assigned it a very low trust score of 0 out of 100. The page title notably displayed "Suspected phishing site | Cloudflare," which contributed to its swift takedown.

Currently, secuer-metamask.pages.dev is offline and inaccessible, indicating effective mitigation efforts. PhishDestroy recommends users remain vigilant against similar brand impersonation scams and verify URLs carefully before engaging with cryptocurrency-related websites. Organizations should update security controls to block this domain and educate users on recognizing phishing attempts to prevent credential compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.137
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["milan.ns.cloudflare.com", "bristol.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c72ae-bf57-77f2-9dc6-a28775085369.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/7a00d9a2-2a40-4e6f-b5ed-7be28523ff05
- PhishDestroy: https://phishdestroy.io/domain/secuer-metamask.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/secuer-metamask.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/secuer-metamask.pages.dev/
Last updated: 2026-03-19