# wallet-metamask-x.pages.dev — MALICIOUS

> wallet-metamask-x.pages.dev is a high-risk crypto drainer flagged for social engineering. Learn why it’s unsafe and protect your assets now.

## Summary
PhishDestroy identifies wallet-metamask-x.pages.dev as a high-risk phishing domain specializing in crypto wallet draining. Classified as a crypto drainer, this domain was designed to deceive users into revealing sensitive wallet information, leading to unauthorized asset theft. Its social engineering tactics specifically target MetaMask users, exploiting trust in the legitimate wallet interface.

Technical analysis reveals wallet-metamask-x.pages.dev was registered on February 21, 2026, via Cloudflare, Inc., providing anonymity and protection against takedowns. The domain exhibited strong indicators of compromise, appearing on three security blocklists and flagged by VirusTotal scans from 15 security vendors. Google Safe Browsing categorizes it under social engineering threats, confirming its malicious intent. The domain’s infrastructure leveraged Cloudflare’s hosting to quickly deploy phishing content mimicking MetaMask's interface.

Current status shows the domain has been taken offline, neutralizing its threat vector. Despite this, the high-risk classification remains due to its sophisticated tactics and potential for rapid reactivation or spawn of similar domains. PhishDestroy recommends ongoing vigilance for any new domains mimicking MetaMask or cryptocurrency services, as this incident reflects a persistent campaign targeting crypto users.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.125
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["donna.ns.cloudflare.com", "fred.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c3e45-2154-737a-b44d-d75f062c3e10.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/d1db64aa-4ec6-418d-8de6-4670627b0689
- PhishDestroy: https://phishdestroy.io/domain/wallet-metamask-x.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/wallet-metamask-x.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wallet-metamask-x.pages.dev/
Last updated: 2026-03-19