# metamask-dynamic-demo.vercel.app — MALICIOUS > This Vercel-hosted domain impersonates MetaMask to steal credentials. With 8 of 95 VirusTotal detections, avoid entering wallet details. ## Summary This domain, metamask-dynamic-demo.vercel.app, is actively impersonating MetaMask in an attempt to deceive users into divulging sensitive wallet credentials. The site leverages legitimate hosting through Vercel Inc. and a Google Trust Services SSL certificate to appear authentic, but its primary goal remains malicious: to harvest login details under the guise of a MetaMask demo. Users who interact with this page risk direct exposure of their cryptocurrency assets through credential theft or phishing redirects. This is not a theoretical risk; threat detection platforms have already raised multiple alarms. PhishDestroy identifies this domain as a clear brand impersonation threat targeting MetaMask users. The domain was flagged by 8 out of 95 security vendors on VirusTotal, indicating significant, though not universal, recognition of its malicious nature. While the exact registration date is not disclosed, the use of a legitimate service like Vercel with a globally trusted SSL certificate demonstrates the sophistication behind this operation. The domain resolves to IP address 216.198.79.67, which has been associated with fraudulent MetaMask-related campaigns in the past. This combination of trusted infrastructure and deceptive branding creates a highly convincing trap for unsuspecting cryptocurrency users. If you have visited metamask-dynamic-demo.vercel.app, take immediate action to protect your assets. First, disconnect any connected wallets and revoke any active session permissions through your MetaMask settings under 'Connected Sites.' Next, scan your device for malware using a reputable security solution—this domain may have deployed additional payloads. Finally, report the domain to MetaMask support and consider changing your wallet password. Never reuse wallet passwords across platforms. For future protection, always verify site URLs manually and use browser extensions that detect phishing domains. Stay vigilant: legitimate MetaMask communications originate from official domains like metamask.io or community.metamask.io. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: MetaMask ## Domain Intelligence - Registrar: Vercel Inc. - IP: 216.198.79.67 ## Detection Status - VirusTotal: 8 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/2a27e53d-83b6-4134-bfab-572519a4b7c0 - PhishDestroy: https://phishdestroy.io/domain/metamask-dynamic-demo.vercel.app/ - LLM endpoint: https://phishdestroy.io/domain/metamask-dynamic-demo.vercel.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/metamask-dynamic-demo.vercel.app/ Last updated: 2026-03-24