# learn-metamask-ion.pages.dev — MALICIOUS

> learn-metamask-ion.pages.dev poses a high-risk MetaMask phishing threat. Avoid interaction and secure your crypto assets with PhishDestroy guidance.

## Summary
PhishDestroy identifies learn-metamask-ion.pages.dev as a high-risk phishing domain impersonating the MetaMask brand to deceive users and steal sensitive cryptocurrency credentials. This type of brand impersonation is critical given MetaMask's widespread use as a digital wallet, making users vulnerable to financial loss and identity theft.

The domain was registered recently on February 21, 2026, through Cloudflare, Inc., and resolves to IP address 172.66.47.132. It was flagged by 14 out of 95 security vendors on VirusTotal and appears on multiple security blocklists. Google Safe Browsing also categorizes it under social engineering threats. At the time of this report, the domain has been taken offline and was noted as a suspicious phishing page by Cloudflare.

Users are strongly advised to avoid interacting with the domain or any related links. Ensure that you access MetaMask only through official channels and verify URLs before submitting sensitive information. Regularly update security software and monitor accounts for unauthorized activity. For additional protection and timely alerts, consult PhishDestroy resources to stay informed about emerging phishing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.132
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["mario.ns.cloudflare.com", "deborah.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c33ac-1e10-70bf-9752-def3b752dfe5.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/ace7e2cd-ed5e-44fe-b86d-11a8a6b9912c
- PhishDestroy: https://phishdestroy.io/domain/learn-metamask-ion.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/learn-metamask-ion.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/learn-metamask-ion.pages.dev/
Last updated: 2026-03-19