# wel-metamask-login.pages.dev — MALICIOUS

> Beware of wel-metamask-login.pages.dev, a phishing site impersonating MetaMask. Currently offline but flagged for social engineering scams.

## Summary
PhishDestroy identifies wel-metamask-login.pages.dev as a high-risk phishing domain targeting MetaMask users. This site poses significant danger by attempting to steal sensitive login credentials under the guise of a legitimate cryptocurrency wallet service.

This phishing attack works by mimicking MetaMask’s branding and login interface to deceive users into entering private keys or passwords. The domain was registered recently in February 2026 and flagged by Google Safe Browsing for social engineering. It also appears on multiple security blocklists and has a poor trust score, confirming its malicious intent.

If you have visited this domain, it is crucial to immediately change your MetaMask passwords and enable two-factor authentication where possible. Avoid interacting with any emails or messages referencing this domain, and monitor your accounts for unauthorized activity. PhishDestroy advises caution as the site remains offline but could reappear under a different address.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.46.238
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["zariyah.ns.cloudflare.com", "javier.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a7ce0-79ee-75e6-a9da-3886bfabde01.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/06e4cff1-bd8b-45e2-ba11-d3cdab0aeb99
- PhishDestroy: https://phishdestroy.io/domain/wel-metamask-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/wel-metamask-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wel-metamask-login.pages.dev/
Last updated: 2026-03-19