# new-metamasklogin-us.pages.dev — MALICIOUS

> Check new-metamasklogin-us.pages.dev for phishing risks targeting MetaMask. Learn why it’s flagged and currently offline for user protection.

## Summary
PhishDestroy identifies new-metamasklogin-us.pages.dev as a high-risk domain involved in brand impersonation, specifically targeting MetaMask users. The nature of this threat is phishing, aiming to deceive visitors into divulging sensitive information by pretending to be the legitimate MetaMask service.

Evidence supporting this assessment includes the domain’s registration through Cloudflare, Inc., its recent creation date in February 2026, and multiple security flags. VirusTotal reports detection by 15 out of 95 security vendors, and the domain appears on three separate security blocklists. Additionally, Google Safe Browsing has flagged it for social engineering. The domain resolves to IP address 172.66.44.191 and presented a page title warning "Suspected phishing site | Cloudflare" before being taken offline.

To mitigate risks, this domain has already been taken offline to prevent further harm. Users are strongly advised not to interact with the domain or enter any credentials if encountered. PhishDestroy recommends remaining vigilant for similar suspicious URLs that attempt to impersonate MetaMask or other cryptocurrency services, and to verify URLs carefully before submitting sensitive data.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.191
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["amos.ns.cloudflare.com", "eve.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ba248-d225-7319-ad3d-e16e9a2fdcdf.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/14ee008b-de31-4f4e-8208-fba77c8cb4cf
- PhishDestroy: https://phishdestroy.io/domain/new-metamasklogin-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/new-metamasklogin-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/new-metamasklogin-us.pages.dev/
Last updated: 2026-03-19