# metamask-usdt.pages.dev — SUSPICIOUS

> Discover the risks behind metamask-usdt.pages.dev, a crypto drainer domain flagged and taken offline. Learn about its infrastructure and threat profile.

## Summary
PhishDestroy identifies metamask-usdt.pages.dev as a crypto drainer domain designed to illicitly harvest cryptocurrency assets from unsuspecting users. It is classified as a medium-risk threat due to its targeted nature and potential financial impact. The domain mimics legitimate crypto wallet services to deceive victims into revealing sensitive information.

Technical analysis reveals that the domain was registered through Cloudflare, Inc. and created on February 21, 2026. Despite being relatively new, it appeared on three security blocklists and was flagged by multiple security vendors on VirusTotal, indicating a consensus about its malicious intent. The use of a reputable hosting provider like Cloudflare suggests an attempt to evade early detection and leverage trusted infrastructure.

Currently, metamask-usdt.pages.dev has been taken offline, effectively neutralizing its immediate threat. PhishDestroy recommends continued monitoring of similar domains and advises users to remain cautious when interacting with unofficial cryptocurrency-related sites. Prompt takedown and community awareness remain critical in mitigating risks posed by such crypto drainers.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.70
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["mary.ns.cloudflare.com", "clayton.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "Phishing Database"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c7a59-1313-76ab-941b-89979b44b92c.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/1d804789-949c-48ab-a5ac-e912f9f9b45b
- PhishDestroy: https://phishdestroy.io/domain/metamask-usdt.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/metamask-usdt.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/metamask-usdt.pages.dev/
Last updated: 2026-03-19