# login-metamask.top — SUSPICIOUS > PhishDestroy warns that login-metamask.top hosts a MetaMask crypto drainer; VirusTotal flags 3/95 vendors. ## Summary PhishDestroy identifies login-metamask.top as an active brand-impersonation domain targeting MetaMask users with a crypto drainer kit designed to steal wallet credentials and assets. The site masquerades as the official MetaMask login portal to trick victims into entering their recovery phrases or private keys, which are immediately harvested by the drainer for unauthorized transfers. This attack vector is particularly dangerous because it preys on trust in well-known crypto brands and exploits user urgency to access funds quickly. This domain was flagged by PhishDestroy with a VirusTotal detection score of 3 out of 95 security vendors, indicating limited but concerning recognition of its malicious nature. The site was registered through NameSilo, LLC and resolves to IP address 104.21.11.101. Its SSL certificate was issued by Let's Encrypt, which is commonly abused by attackers to appear legitimate. The domain was created on March 20, 2026, making it a very recent threat. It is not currently blocked by Google Safe Browsing (GSB) and has been added to multiple blocklists due to its impersonation of MetaMask and active crypto drainer operations. As of today, login-metamask.top remains active and poses an elevated risk to unsuspecting users. PhishDestroy has issued an immediate block recommendation and is monitoring the domain for infrastructure changes. Users are strongly advised to verify any MetaMask-related login page using PhishDestroy’s verification tool before entering credentials. The residual risk remains high due to the domain’s recent creation and low initial detection rate, emphasizing the need for continuous vigilance and proactive threat intelligence sharing. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: MetaMask ## Domain Intelligence - Registered: 2026-03-20 15:54:41 - Registrar: NameSilo, LLC - IP: 104.21.11.101 ## Detection Status - VirusTotal: 3 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/8b8c72ce-28f8-479a-acae-215ff428ef77 - PhishDestroy: https://phishdestroy.io/domain/login-metamask.top/ - LLM endpoint: https://phishdestroy.io/domain/login-metamask.top/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/login-metamask.top/ Last updated: 2026-03-22