# vipmetamask.vip — SUSPICIOUS > WARNING: vipmetamask.vip is a crypto drainer impersonating MetaMask. VirusTotal shows 0/95 detections. Verify on PhishDestroy before interacting. ## Summary PhishDestroy identifies vipmetamask.vip as an active brand impersonation site targeting MetaMask users. This domain is designed to deceive visitors into connecting cryptocurrency wallets under the false pretense of official MetaMask services. The site mimics MetaMask’s branding to trick users into entering sensitive wallet credentials or authorizing malicious transactions, putting cryptocurrency holdings at direct risk of theft. This domain was flagged with the following technical indicators: it resolves to IP address 104.233.244.93 and was registered through Gname.com Pte. Ltd. on March 22, 2026. VirusTotal currently reports 0 out of 95 security engines detecting malicious content, indicating a low immediate detection rate but not confirming safety. The domain remains unlisted on major blocklists as of the latest scan, increasing the likelihood of new users falling victim. If you have visited vipmetamask.vip, immediately disconnect your wallet from the site and revoke any unauthorized permissions through your wallet’s settings. Do not enter any credentials or connect your wallet on this domain. Run a full malware scan on your device and monitor your wallet for suspicious transactions. Report this domain to PhishDestroy and your wallet provider to help block further abuse. Always verify URLs and use official MetaMask channels for any support or downloads. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: MetaMask ## Domain Intelligence - Registered: 2026-03-22 00:14:47 - Registrar: Gname.com Pte. Ltd. - IP: 104.233.244.93 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/c82083ea-6696-4ed0-b557-b8643b4f2d1e - PhishDestroy: https://phishdestroy.io/domain/vipmetamask.vip/ - LLM endpoint: https://phishdestroy.io/domain/vipmetamask.vip/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/vipmetamask.vip/ Last updated: 2026-03-23