# metamasklogin-en-learn.pages.dev — MALICIOUS

> Avoid metamasklogin-en-learn.pages.dev—flagged for phishing and brand impersonation targeting MetaMask users. Site is offline for safety.

## Summary
PhishDestroy identifies metamasklogin-en-learn.pages.dev as a high-risk domain involved in brand impersonation targeting MetaMask users. This site was designed to deceive individuals by mimicking the widely used MetaMask cryptocurrency wallet interface, posing significant risks of credential theft and social engineering attacks.

Supporting intelligence highlights that this domain was created recently on February 21, 2026, and registered through Cloudflare, Inc. It was flagged by Google Safe Browsing for social engineering threats and appeared on three distinct security blocklists. Additionally, 14 out of 95 security vendors on VirusTotal detected malicious activity related to this domain. The domain resolved to IP address 172.66.44.185, consistent with Cloudflare’s infrastructure, which is commonly abused for phishing hosting.

Currently, the site is offline, effectively neutralizing the immediate threat. Users are strongly advised not to visit or interact with metamasklogin-en-learn.pages.dev. MetaMask users should always verify URLs carefully and access official wallet services through trusted channels. Continuous monitoring and user education remain vital to prevent future incidents of brand impersonation leveraging similar infrastructure.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.185
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["grannbo.ns.cloudflare.com", "alex.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c1fff-c99a-70ff-bede-323699144d43.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3880d91e-abc1-4db0-beb6-a8425c8f2cce
- PhishDestroy: https://phishdestroy.io/domain/metamasklogin-en-learn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/metamasklogin-en-learn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/metamasklogin-en-learn.pages.dev/
Last updated: 2026-03-19