# meta-mask-login-doc.pages.dev — MALICIOUS

> Avoid meta-mask-login-doc.pages.dev, a dangerous MetaMask impostor flagged for phishing. Stay safe by not entering credentials and reporting suspicious sites.

## Summary
PhishDestroy identifies meta-mask-login-doc.pages.dev as a high-risk phishing domain impersonating the MetaMask brand. This site attempts to deceive users by mimicking the legitimate wallet service to steal sensitive login credentials. Given its direct targeting of a well-known crypto platform, users should exercise extreme caution and avoid interaction with this domain.

The domain was registered on February 21, 2026, using Cloudflare, Inc. as the registrar and currently resolves to IP address 172.66.44.174. It appears on three reputable security blocklists and has been flagged by 14 out of 95 VirusTotal security vendors, signaling active malicious activity. The domain’s page title, “Suspected phishing site | Cloudflare,” further indicates its fraudulent nature and Cloudflare’s intervention.

At present, the domain is offline, reflecting successful takedown efforts. Users are strongly advised not to visit or provide any information to this domain. Organizations should update internal blocklists to prevent access and continue monitoring for similar brand impersonation threats to protect users from credential theft and fraud.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.174
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["vicky.ns.cloudflare.com", "miki.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c2cfe-b1f5-7408-a033-bc63a8bc0b18.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/67517ae1-5ab8-4c07-ba56-f3c6ac501eba
- PhishDestroy: https://phishdestroy.io/domain/meta-mask-login-doc.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/meta-mask-login-doc.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/meta-mask-login-doc.pages.dev/
Last updated: 2026-03-19