# metafind.github.io — SUSPICIOUS

> Security researchers have identified metafind.github.io as a malicious phishing site masquerading as MetaMask. The domain attempts to harvest crypto wallet credentials through a fake interface. This threat has been added to multiple blocklists for community protection.

## Summary
Threat Overview
The domain metafind.github.io has been identified as a phishing website designed to impersonate MetaMask. This malicious site targets cryptocurrency users by creating a convincing replica of the legitimate MetaMask platform.
Attack Vector
The phishing site attempts to trick users into connecting their wallets or entering their seed phrases and private keys. Once captured, the attackers use these credentials to drain victims' cryptocurrency holdings.
Risk Indicators

- Domain registered on a standard TLD (io)
- Contains brand keywords associated with MetaMask
- Domain length: 18 characters
- Vt Detected
- Drainer Detected

Recommendations
Always access MetaMask through the official website. Never enter your seed phrase or private keys on any website. Use hardware wallets for additional security.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 404)
- Target brand: MetaMask
- Page title: Download MetaMask Extension: Chrome Quick Install Guide

## Domain Intelligence
- Registrar: GitHub, Inc.
- Country: US
- IP: 185.199.110.153
- IP Country: US
- IP City: San Francisco
- IP Org: AS54113 Fastly, Inc.
- Nameservers: ns1.github.com ns2.github.com
- SSL Issuer: Let's Encrypt / R12

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019aa1df-171f-71cd-bd95-5a02d109ed0c.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/ef905412-0930-4982-8b6f-0f50bf137b91
- Wayback Machine: https://web.archive.org/web/https://metafind.github.io
- PhishDestroy: https://phishdestroy.io/domain/metafind.github.io/
- LLM endpoint: https://phishdestroy.io/domain/metafind.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/metafind.github.io/
Last updated: 2026-03-19