# log-en-metamask-x.pages.dev — MALICIOUS

> log-en-metamask-x.pages.dev impersonates MetaMask and poses high risk. Avoid interacting with this domain and report suspicious activity immediately.

## Summary
PhishDestroy classifies log-en-metamask-x.pages.dev as a high-risk brand impersonation threat targeting MetaMask users. This phishing domain attempts to deceive victims by mimicking a trusted crypto wallet interface.

The domain was created on February 21, 2026, and is registered through Cloudflare, Inc. It is flagged by Google Safe Browsing under SOCIAL_ENGINEERING and appears on multiple security blocklists. VirusTotal data shows 14 out of 95 vendors detect malicious activity, and it resolves to IP 172.66.47.116. The page title was identified as "Suspected phishing site | Cloudflare," indicating hosting infrastructure countermeasures.

Currently, the domain is offline, mitigating immediate risk. Users should avoid visiting or submitting credentials on this domain. PhishDestroy recommends keeping security software updated and verifying official MetaMask URLs to prevent credential theft.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.116
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["donna.ns.cloudflare.com", "fred.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c3d9c-7285-752c-9cb4-619f3c041623.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/1dc28262-9bf1-4e10-b8cd-85cd35404d1d
- PhishDestroy: https://phishdestroy.io/domain/log-en-metamask-x.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/log-en-metamask-x.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/log-en-metamask-x.pages.dev/
Last updated: 2026-03-19