# meta-mask-loggin-extension-auth.pages.dev — MALICIOUS

> Avoid meta-mask-loggin-extension-auth.pages.dev—flagged for phishing and social engineering targeting MetaMask users. Site is now offline.

## Summary
PhishDestroy has identified the domain meta-mask-loggin-extension-auth.pages.dev as a high-risk brand impersonation phishing site designed to deceive MetaMask users. Classified under brand impersonation threats, this domain mimics MetaMask login interfaces to harvest sensitive credentials. The deceptive domain name aims to lure victims into believing they are interacting with an official MetaMask platform.

Technical analysis reveals that the domain was registered via Cloudflare, Inc. on February 21, 2026, and resolved to IP address 172.66.47.46. It has been flagged by Google Safe Browsing for social engineering risks and appears on three different security blocklists. VirusTotal scans report detection by 14 out of 95 security vendors, underscoring its malicious nature. The domain’s page title was noted as “Suspected phishing site | Cloudflare,” indicating proactive hosting provider intervention.

Currently, meta-mask-loggin-extension-auth.pages.dev has been taken offline, mitigating immediate threats to users. This swift takedown reflects effective coordination between security entities and hosting services. PhishDestroy recommends vigilance against similar domains and urges users to verify official MetaMask URLs carefully. Continuous monitoring of brand impersonation attempts remains critical to protecting the cryptocurrency community from credential theft.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.46
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["matteo.ns.cloudflare.com", "nora.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cb2af-ef15-725c-8634-908d4c5b7d6f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/d2ee143b-3004-4506-bd2b-7cd04c9fd3b3
- PhishDestroy: https://phishdestroy.io/domain/meta-mask-loggin-extension-auth.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/meta-mask-loggin-extension-auth.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/meta-mask-loggin-extension-auth.pages.dev/
Last updated: 2026-03-19