# metamask-login-support.pages.dev — MALICIOUS

> The domain metamask-login-support.pages.dev posed a MetaMask phishing risk. It is now offline. Avoid interaction and verify URLs carefully for safety.

## Summary
PhishDestroy identifies metamask-login-support.pages.dev as a high-risk domain involved in brand impersonation targeting MetaMask users. Classified under phishing threats, this domain was designed to deceive users by mimicking the legitimate MetaMask login interface, aiming to steal credentials or private keys.

Technical indicators reveal that the domain was created on February 21, 2026, and registered through Cloudflare, Inc. It resolved to IP address 172.66.47.66. VirusTotal analysis flagged it by 14 out of 95 security vendors, and it appeared on two separate security blocklists. The Cloudflare-hosted page bore the title "Suspected phishing site | Cloudflare," confirming its malicious intent.

Currently, metamask-login-support.pages.dev is offline, reflecting a responsive takedown likely coordinated with hosting and security providers. Users are urged to remain vigilant and only access MetaMask through official channels to avoid compromise. PhishDestroy recommends verifying any MetaMask login requests and reporting suspicious domains promptly to maintain security.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.66
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["brit.ns.cloudflare.com", "alec.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bbcfd-9a7c-7178-b68d-3a00a54a478d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/4f21419a-e1dd-4a03-8266-db6dc60fcaeb
- PhishDestroy: https://phishdestroy.io/domain/metamask-login-support.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/metamask-login-support.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/metamask-login-support.pages.dev/
Last updated: 2026-03-19