Skip to content

Blocklist addition request #267879

Description

@StanleyCarr9

Malicious domains, IPs, IPFS hashes, or IPNS names

vegapoly.xyz
kickpoly.com

Please explain why this content is malicious

These websites impersonate Polymarket by using similar branding and user flows to mislead visitors. The sites solicit users' email addresses and present a Magic.link login prompt resembling the legitimate Polymarket authentication flow, creating the impression that users are signing in to Polymarket.

After an email address is submitted, the sites return a generic error rather than providing the advertised functionality, suggesting that the primary purpose is to collect user information rather than deliver a legitimate service.

The two domains exhibit highly similar branding, behavior, and user flows, indicating they may be operated by the same entity. Both appear to be AI-generated websites and use the same domain registrar/provider ("Trustname") which ignores abuse reports and makes it nearly impossible to file a report.

We believe these sites are part of a phishing campaign intended to deceive Polymarket users into revealing authentication credentials or one-time login codes, which could enable unauthorized access to user accounts and the theft of funds.

We recommend that these domains be investigated and, if confirmed to be malicious, added to MetaMask's phishing blocklist.

Is this a duplicate request?

  • I have checked the issues page and confirmed this is not a duplicate request

Metadata

Metadata

Assignees

No one assigned

    Labels

    blocklist additionIssue or PR requesting addition of a domain to the blocklist

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions