# download.web-metamask.to — SUSPICIOUS

> PhishDestroy identifies download.web-metamask.to as a brand impersonation site impersonating MetaMask with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies download.web-metamask.to as an active crypto drainer masquerading as MetaMask's official download portal. This domain specifically targets cryptocurrency users by exploiting MetaMask's recognizable branding to deceive visitors into downloading malicious software or exposing wallet credentials. The threat is acute given the domain's recent registration and clean VirusTotal score, which indicates low detection by security engines despite clear malicious intent.  This domain resolves to IP 178.16.53.99 and was registered via the Government of the Kingdom of Tonga. It was created on August 19, 2025, indicating a very recent setup designed for maximum reach before takedown. Importantly, VirusTotal currently lists the domain with 0 detections out of 95 scanners, highlighting a critical window of vulnerability where traditional security tools may fail to flag the threat. The use of a Let's Encrypt SSL certificate adds superficial legitimacy, tricking users into believing the site is secure.  If you visited download.web-metamask.to or entered sensitive information, immediately disconnect from the internet, close your browser, and run a full system scan using reputable antivirus software. Do not connect your wallet or enter seed phrases on any page linked from this domain. Report the domain to MetaMask’s official support channels and consider revoking any connected wallet permissions via a hard wallet or MetaMask’s security settings. Block the domain at your network level using firewall rules or a hosts file entry. Forward any suspicious interactions to your local cybercrime unit or MetaMask’s fraud reporting portal. Vigilance is critical—crypto drainers often operate undetected until irreversible damage is done.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: MetaMask

## Domain Intelligence
- Registered: 2025-08-19 10:36:59
- Registrar: Government of Kingdom of Tonga
- IP: 178.16.53.99

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2fa927e9-aa21-4213-9253-6fd1de137a3b
- PhishDestroy: https://phishdestroy.io/domain/download.web-metamask.to/
- LLM endpoint: https://phishdestroy.io/domain/download.web-metamask.to/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/download.web-metamask.to/
Last updated: 2026-03-30