sso-webpage--metamask-com.tem3[.]io
Category: Phishing And Fraud
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Quttera Web Malware Removal is a paid subscription service. Pricing, plans, and trial availability are set by Quttera. Quttera is operated by Quttera Ltd, an independent third-party company unrelated to RCS LT. PCRisk.com may earn a referral commission when users sign up through this link.
Description of sso-webpage--metamask-com.tem3[.]io
This domain appears to host a landing page that imitates MetaMask, a well-known cryptocurrency wallet and blockchain access tool. The page title and visible branding reference “MetaMask,” and the screenshot shows wallet-themed promotional content such as “A crypto wallet & gateway to blockchain apps,” along with download-style calls to action.
At the same time, the site appears to be running on a third-party landing-page infrastructure under the tem3.io domain rather than an official MetaMask-owned domain. The page also contains visible builder-related text such as “Site built on Temp3,” which suggests it may be a templated or rapidly deployed page rather than an official product website. Based on the domain structure and page presentation, this appears to be a crypto-themed impersonation or credential-harvesting setup rather than a legitimate standalone service.
Safety Assessment for sso-webpage--metamask-com.tem3[.]io
Multiple scan sources classify this URL as phishing or fraud-related, and 15 out of 91 security engines flagged it at the time of this scan. In addition, blacklist data shows the URL was listed for social-engineering-related activity by at least one major browsing protection source, and malware scanning indicated a malicious result with the page’s index file flagged.
The domain name and page content also raise strong impersonation concerns. Although the visible content presents itself as MetaMask, the actual host is a subdomain of tem3.io, not an official MetaMask domain. The scan context further notes that the domain closely resembles temu.com, which may indicate look-alike naming behavior on top of the MetaMask branding shown on the page. The combination of brand-style presentation, non-official hosting, and phishing detections is a significant warning sign.
A flagged outbound reference to a suspicious external endpoint was also identified during the malware scan, which may indicate tracking, payload delivery, or other unwanted behavior. Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site uses a valid TLS certificate issued by a mainstream certificate authority and is served through Cloudflare infrastructure, with hosting resolved to a Cloudflare IP in Canada. A valid certificate only indicates encrypted transport and should not be treated as proof of legitimacy. DNSSEC appears to be unsigned, which is not uncommon but does mean there is no DNSSEC-based authenticity protection visible in this scan.
WHOIS data indicates the domain is relatively new and not ranked in major popularity lists, which can be consistent with low-visibility or disposable campaign infrastructure. The page appears to rely on external assets from content-delivery networks and multiple tekoapis-related subdomains, including one endpoint that was flagged during scanning. Taken together, the infrastructure appears consistent with a hosted landing page that may have been set up quickly for deceptive use.
Share your experience with this website. Was it safe? Did you encounter any issues?