# eng-io-metamasklgn.pages.dev — MALICIOUS

> eng-io-metamasklgn.pages.dev poses a medium-risk crypto drainer threat. Avoid interaction and secure your wallets immediately.

## Summary
PhishDestroy identifies eng-io-metamasklgn.pages.dev as an active medium-risk crypto drainer domain targeting cryptocurrency users. This domain attempts to harvest private keys or seed phrases by impersonating legitimate Metamask login interfaces, posing a significant risk to digital asset security. Users interacting with this domain risk unauthorized access to their crypto wallets.

This suspicious domain is registered through Cloudflare, Inc. and resolves to the IP address 188.114.97.3. VirusTotal analysis reveals a low detection rate with 3 out of 95 security vendors flagging the domain, indicating emerging but limited recognition among antivirus platforms. The domain operates on Cloudflare's infrastructure, leveraging its content delivery capabilities to mask the threat origin and evade simplistic detection.

Currently active, eng-io-metamasklgn.pages.dev requires vigilance from the crypto community. PhishDestroy strongly recommends that users avoid visiting this domain and verify URLs before entering sensitive wallet credentials. Employing hardware wallets, enabling two-factor authentication, and using official app stores for wallet extensions can further mitigate risks associated with such phishing campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: MetaMask Login — Secure Access to Your Ethereum Wallet

## Domain Intelligence
- Registered: 2026-03-05 09:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: desi.ns.cloudflare.com jerry.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 8 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "CyRadar", "Fortinet", "Kaspersky", "Lionic", "Phishing Database", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://i.ibb.co/pvc2ZQ7p/ea0771c58b95.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/eng-io-metamasklgn.pages.dev
- Wayback Machine: https://web.archive.org/web/https://eng-io-metamasklgn.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/eng-io-metamasklgn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/eng-io-metamasklgn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/eng-io-metamasklgn.pages.dev/
Last updated: 2026-03-19