# logn-web-metamask.pages.dev — MALICIOUS

> Beware of logn-web-metamask.pages.dev, a high-risk crypto drainer domain now offline. Avoid any interaction to protect your assets.

## Summary
PhishDestroy identifies logn-web-metamask.pages.dev as a high-risk crypto drainer domain designed to steal cryptocurrency assets by mimicking legitimate MetaMask login portals. Classified as a sophisticated phishing threat, it specifically targets crypto users by deploying deceptive tactics to capture private keys and seed phrases.

Technical analysis reveals the domain was registered on February 21, 2026, via Cloudflare, Inc. It was flagged by 15 out of 95 security vendors on VirusTotal and appeared on three separate security blocklists. The use of Cloudflare's infrastructure facilitated rapid deployment and potential evasion of some security filters, while the domain’s name cleverly impersonated MetaMask to lure victims.

Currently, the domain has been taken offline, mitigating immediate risk to users. PhishDestroy recommends continuous monitoring of similar domains and advises users to verify URLs carefully before entering sensitive information. Immediate action by security teams and users alike is critical to prevent loss from such crypto-draining scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.13
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["rosa.ns.cloudflare.com", "yadiel.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "Criminal IP", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c3dbe-fbdd-74df-8e5b-1e1a04f7d0f0.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/d040426d-e823-4379-9231-3386befdff00
- PhishDestroy: https://phishdestroy.io/domain/logn-web-metamask.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/logn-web-metamask.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/logn-web-metamask.pages.dev/
Last updated: 2026-03-19