# metamask-verification.link — MALICIOUS

> metamask-verification.link impersonates MetaMask to steal credentials. Avoid interacting with this domain and verify URLs to stay safe online.

## Summary

PhishDestroy identifies metamask-verification.link as a high-risk brand impersonation domain targeting MetaMask users. This domain aims to deceive victims by mimicking the legitimate MetaMask service, potentially harvesting sensitive login credentials and compromising user assets. Such attacks can lead to unauthorized access to cryptocurrency wallets, posing significant financial risks.

The domain metamask-verification.link was registered on February 21, 2026, through Global Domain Group LLC and resolved to IP address 65.21.174.205. It appeared on three separate security blocklists and was flagged by 12 out of 95 security vendors on VirusTotal as malicious. Although currently taken offline, this domain’s prior activity and infrastructure indicate a deliberate attempt to exploit MetaMask’s brand trust.

Users are strongly advised not to visit metamask-verification.link or provide any personal or wallet information if encountered. Always verify website URLs carefully and use official MetaMask channels for account management. Employ updated security software and enable multi-factor authentication where possible to reduce the risk of credential theft. Reporting suspicious domains helps improve community defenses against phishing attacks.
## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Account disabled by server administrator

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: Global Domain Group LLC
- Country: US
- IP: 65.21.174.205
- IP Country: FI
- IP City: Helsinki
- IP Org: AS24940 Hetzner Online GmbH
- Nameservers: ["ns41.link-host.net", "ns42.link-host.net"]
- SSL Issuer: Let's Encrypt / R12

## Detection Status

- VirusTotal: 12 vendors flagged
  - Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Seclookup", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/0199ef83-3d78-716a-86e6-b6e57e107a6d.png
- PhishDestroy: https://phishdestroy.io/domain/metamask-verification.link/
- LLM endpoint: https://phishdestroy.io/domain/metamask-verification.link/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/metamask-verification.link/

Last updated: 2026-03-19