# metamask-telegram.pages.dev — SUSPICIOUS > PhishDestroy identifies metamask-telegram.pages.dev as a Telegram phishing site impersonating MetaMask infrastructure. VT 0/95 detections as of seed ff75d4. ## Summary PhishDestroy identifies the domain metamask-telegram.pages.dev as a confirmed phishing site leveraging both brand impersonation and Telegram-themed deception to target MetaMask users. The page masquerades as an official MetaMask Telegram channel in an attempt to harvest credentials or seed phrases under the guise of support or airdrop announcements. No active drainer kit infrastructure was observed during analysis; threat actors appear to rely primarily on visual mimicry and social engineering via the Telegram branding. This domain was flagged with a confirmed threat level of under_investigation through PhishDestroy’s automated pipeline seed ff75d4. Technical indicators include a VirusTotal detection score of 0/95, registration via Cloudflare, Inc., resolution to IP address 188.114.97.3, and the presence of a Google Trust Services SSL certificate. The domain currently appears on 2 active security blocklists and has been blocked by MetaMask’s internal defenses and the SEAL threat intelligence blocklist. Creation date and full historical WHOIS data were masked via Cloudflare privacy, limiting attribution. As of this report, metamask-telegram.pages.dev remains active and accessible through several network paths despite active blocking by MetaMask and SEAL. PhishDestroy assesses the remaining risk as moderate due to the lack of current detections on major AV engines, which suggests limited propagation or delayed signature updates. Users are advised to avoid accessing the domain, verify all links via official MetaMask channels (app.metamask.io or support.metamask.io), and report any encounter to MetaMask security or PhishDestroy for further analysis. The site’s continued operation highlights the need for real-time domain scanning and proactive browser-based blocklisting to prevent exposure. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: MetaMask ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["SEAL", "MetaMask"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/ebc40d9d-1980-4a7c-b6db-e35f0ea7ff55 - PhishDestroy: https://phishdestroy.io/domain/metamask-telegram.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/metamask-telegram.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/metamask-telegram.pages.dev/ Last updated: 2026-03-23