# secure-metamsk-en.pages.dev — MALICIOUS

> secure-metamsk-en.pages.dev is flagged for credential phishing. Avoid entering personal info and do not trust this site. Stay safe online.

## Summary
PhishDestroy identifies secure-metamsk-en.pages.dev as a high-risk credential phishing domain aimed at stealing user credentials by impersonating legitimate services. The domain was flagged for social engineering tactics designed to deceive users into submitting sensitive information.

The domain resolves to IP address 172.66.47.146 and is registered through Cloudflare, Inc., which also hosts its infrastructure. Google Safe Browsing has classified it under "SOCIAL_ENGINEERING," and VirusTotal analysis shows 15 out of 95 security vendors detecting malicious behavior. Additionally, the domain appears on three separate security blocklists. It was created recently on February 21, 2026, indicating a fresh attempt to exploit users.

Currently, secure-metamsk-en.pages.dev is taken offline and displays a Cloudflare warning page to prevent further harm. Users are strongly advised not to interact with this domain or provide any personal or login information. Organizations should continue monitoring for related phishing attempts and educate users about verifying URLs before submitting credentials to avoid falling victim to such scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.146
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["ryleigh.ns.cloudflare.com", "lewis.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b0f51-22b7-7638-930a-e199818b7494.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/806a5135-e043-46c8-9df1-8c1c4d229eb8
- PhishDestroy: https://phishdestroy.io/domain/secure-metamsk-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/secure-metamsk-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/secure-metamsk-en.pages.dev/
Last updated: 2026-03-19