# metamasak.online — SUSPICIOUS

> Stay safe from metamasak.online, a phishing site mimicking MetaMask. Avoid sharing credentials and verify URLs before interacting with airdrops.

## Summary
PhishDestroy has identified metamasak.online as a medium-risk phishing domain targeting MetaMask users through brand impersonation. The domain’s page, titled "Airdrop," attempts to lure victims by mimicking MetaMask’s branding to harvest sensitive credentials or private keys.

The domain was registered on August 1, 2025, via Isimtescil Bilisim A.S. and resolved to the IP address 84.32.84.172. It has been flagged by 3 out of 95 security vendors on VirusTotal and appears on at least one security blocklist. The domain infrastructure and registration details align with typical phishing tactics aimed at deceiving users with fake airdrop offers.

Currently, metamasak.online is offline, reducing immediate risk. Users are advised to remain vigilant by verifying URLs carefully before entering any sensitive information and avoid engaging with suspicious airdrop campaigns. Security teams should continue monitoring for similar impersonation domains to protect users from credential theft.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Scam type: Airdrop Scam
- Target brand: MetaMask
- Page title: Airdrop

## Domain Intelligence
- Registered: 2025-08-01 19:03:28
- Expires: 2026-08-01 23:59:59
- Registrar: Isimtescil Bilisim A.S.
- Country: TR
- IP: 84.32.84.172
- IP Country: LT
- IP City: Vilnius
- IP Org: AS47583 Hostinger International Limited
- Nameservers: ns1.dns-parking.com ns2.dns-parking.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["alphaMountain.ai", "Bfore.Ai PreCrime", "Seclookup"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/0199f364-7cc2-77f2-ba31-4faa629e8e01.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/eda1fa0f-12e4-4a7e-9315-1827e520cd6a
- PhishDestroy: https://phishdestroy.io/domain/metamasak.online/
- LLM endpoint: https://phishdestroy.io/domain/metamasak.online/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/metamasak.online/
Last updated: 2026-03-19