# metamaskuslogin.mystrikingly.com — MALICIOUS

> metamaskuslogin.mystrikingly.com is a phishing site impersonating MetaMask. Stay safe and avoid entering credentials on this suspicious domain.

## Summary
PhishDestroy has identified metamaskuslogin.mystrikingly.com as a high-risk phishing domain impersonating the popular cryptocurrency wallet MetaMask. This domain was designed to deceive users into divulging sensitive information by mimicking MetaMask's branding. The page title currently reads "Site Under Construction," which may be a tactic to delay detection or lure users into a false sense of security.

The domain was registered on February 21, 2026, through NameCheap, Inc. and resolves to the IP address 52.84.150.63. It has been flagged on four independent security blocklists and detected by 12 out of 95 security vendors on VirusTotal, confirming its malicious intent. The domain is hosted on the Strikingly platform, often abused by threat actors for quick phishing deployments due to its ease of use and free hosting options.

Currently, metamaskuslogin.mystrikingly.com is offline, reducing immediate risk to users. However, given its prior activity and detection history, users are strongly advised to remain vigilant and avoid interacting with any suspicious links or emails referencing this domain. Organizations should implement domain and URL filtering to block access and educate users on the dangers of phishing attempts targeting cryptocurrency wallets such as MetaMask.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Site Under Construction

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NameCheap, Inc.
- Country: US
- IP: 52.84.150.63
- IP Org: Cloudflare CDN
- Nameservers: ["ns-1502.awsdns-59.org", "ns-1685.awsdns-18.co.uk", "ns-359.awsdns-44.com", "ns-887.awsdns-46.net"]
- SSL Issuer: Amazon / Amazon RSA 2048 M04

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Forcepoint ThreatSeeker", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "Enkrypt"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c0e8c-3cd4-75b8-9fbc-ef4f06b7bff0.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/6e8a89ce-0943-424e-9b74-be732415d0b3
- PhishDestroy: https://phishdestroy.io/domain/metamaskuslogin.mystrikingly.com/
- LLM endpoint: https://phishdestroy.io/domain/metamaskuslogin.mystrikingly.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/metamaskuslogin.mystrikingly.com/
Last updated: 2026-03-19