# login-metamsk.framer.media — MALICIOUS

> login-metamsk.framer.media is a high-risk phishing domain used to steal credentials. Avoid interaction; it is currently offline.

## Summary
PhishDestroy identifies login-metamsk.framer.media as a high-risk credential phishing domain targeting users of MetaMask wallets. The domain was designed to harvest sensitive login information under the guise of a legitimate service.

This domain was registered on February 21, 2026, through CSC Corporate Domains, Inc. It resolved to IP 35.71.142.77 and appeared on two security blocklists. VirusTotal flagged it by 16 out of 95 security vendors. The phishing page itself is no longer accessible and previously showed a "Site Not Found" message hosted on Framer.

Currently, the domain is offline and no longer serving malicious content. Users and organizations should continue to block and monitor for related phishing attempts, as similar domains may emerge. Maintaining updated security controls and user awareness is advised to mitigate credential theft risks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Page title: Site Not Found | Framer

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: CSC Corporate Domains, Inc.
- Country: US
- IP: 35.71.142.77
- IP Country: US
- IP City: Seattle
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ["ns-97.awsdns-12.com", "ns-1854.awsdns-39.co.uk", "ns-535.awsdns-02.net", "ns-1267.awsdns-30.org"]
- SSL Issuer: Let's Encrypt / E7

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Ermes", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "MalwareURL", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bf240-0562-772a-ba49-94fce5c251b3.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a5f5ce2c-01f5-41fd-98a4-ef61cace5b4b
- PhishDestroy: https://phishdestroy.io/domain/login-metamsk.framer.media/
- LLM endpoint: https://phishdestroy.io/domain/login-metamsk.framer.media/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/login-metamsk.framer.media/
Last updated: 2026-03-19