# startx-metamsk-io.pages.dev — MALICIOUS

> Warning: startx-metamsk-io.pages.dev is flagged for high-risk phishing. Avoid sharing personal info or accessing this site.

## Summary
PhishDestroy identifies startx-metamsk-io.pages.dev as a high-risk phishing threat. This domain is classified under generic phishing, indicating attempts to deceive users into revealing sensitive information. The elevated risk level warrants caution for anyone encountering this URL.

Supporting this classification, the domain was recently created on February 21, 2026, and is currently active. It is registered through Cloudflare, Inc., which is commonly used for legitimate services but can also be exploited by malicious actors due to ease of setup and anonymization features. The domain appears on three separate security blocklists, signaling multiple detections across threat intelligence sources. Additionally, VirusTotal analysis reveals that 17 out of 95 security vendors have flagged this domain as suspicious, reinforcing concerns about its intent and malicious nature.

Users are strongly advised to avoid interacting with startx-metamsk-io.pages.dev, especially refraining from entering any login credentials, personal data, or financial information. PhishDestroy recommends blocking this domain at network or device level to mitigate exposure. As the domain remains active and listed on threat intelligence feeds, vigilance and proactive security measures are essential to prevent phishing-related compromises.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["malcolm.ns.cloudflare.com", "sonia.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019afb7e-94d2-766a-9cc5-dac1944145b5.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/fef0dc98-5df2-4659-afcc-df9e288b8029
- PhishDestroy: https://phishdestroy.io/domain/startx-metamsk-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/startx-metamsk-io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/startx-metamsk-io.pages.dev/
Last updated: 2026-03-19