# eumetamask-login.pages.dev — MALICIOUS

> Caution: eumetamask-login.pages.dev is a high-risk phishing domain impersonating MetaMask. Avoid interaction; site is offline but was flagged for social.

## Summary
PhishDestroy identifies eumetamask-login.pages.dev as a dangerous phishing domain targeting MetaMask users. The site was designed to deceive individuals by mimicking the MetaMask login interface, aiming to steal sensitive credentials. Such brand impersonation poses a high risk as it exploits user trust in a popular cryptocurrency wallet, potentially leading to financial loss or account compromise.

This phishing operation worked by hosting a counterfeit login page that closely resembled the authentic MetaMask interface. Visitors attempting to log in would unknowingly submit their secrets to attackers. The domain was flagged by Google Safe Browsing for social engineering, appeared on multiple security blocklists, and was detected by several vendors on VirusTotal. Although the site has been taken offline, its recent creation date and Cloudflare registration suggest a carefully orchestrated scam. The domain resolved to IP 172.66.46.248 before being disabled.

Users who suspect they accessed eumetamask-login.pages.dev should immediately change their MetaMask passwords and enable two-factor authentication where possible. It's essential to review recent account activity and monitor for suspicious transactions. Avoid clicking on unsolicited links or entering credentials on unverified pages. Reporting such domains to security platforms like PhishDestroy helps protect others from falling victim to these persistent phishing campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.46.248
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["chase.ns.cloudflare.com", "lola.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c7902-e307-7692-aa79-1eb6ac1eaac5.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c80c4845-c91d-4bfa-8a3a-bacb4ee58c00
- PhishDestroy: https://phishdestroy.io/domain/eumetamask-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/eumetamask-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/eumetamask-login.pages.dev/
Last updated: 2026-03-19