# metamask-wqllet.gitbook.io — MALICIOUS

> metamask-wqllet.gitbook.io is a high-risk crypto drainer domain flagged for phishing. Stay vigilant and avoid interaction to protect your assets.

## Summary

PhishDestroy identifies metamask-wqllet.gitbook.io as a high-risk threat associated with crypto draining activities. This domain impersonates the legitimate MetaMask wallet service to deceive users into divulging sensitive cryptocurrency credentials, potentially leading to significant financial loss.

Evidence supporting this classification includes the domain's recent creation date of March 14, 2026, and registration through Cloudflare, Inc., a common choice for threat actors seeking anonymity. The domain currently resolves to the IP address 172.64.147.209 and has been flagged by 15 out of 95 security vendors on VirusTotal. Additionally, it appears on two distinct security blocklists. The page title mimics official MetaMask branding, increasing its credibility and the likelihood of successful phishing.

Currently, the domain status is offline, indicating it has been taken down or suspended, reducing immediate danger. Users are urged to remain cautious and avoid any links or communications involving this domain. Employing reputable security tools and verifying URLs before entering any credentials are critical steps to mitigate risks related to such fraudulent domains. PhishDestroy continues monitoring for potential reemergence or related threats.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: MetaMask® Wallet - The crypto wallet for Defi, Web3 Dapps | MetaMask® Wallet - The crypto wallet for Defi, Web

## Domain Intelligence

- Registered: 2026-03-14 13:07:02
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.64.147.209
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: dahlia.ns.cloudflare.com, hugh.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 15 vendors flagged
  - Vendors: ADMINUSLabs, alphaMountain.ai, BitDefender, Chong Lua Dao, CyRadar, ESET, Emsisoft, Fortinet, G-Data, Kaspersky, Lionic, Netcraft, Sophos, VIPRE, Webroot
- Google Safe Browsing: clean
- Blocklists: 2 hits
  - Lists: PhishDestroy, MetaMask

## Evidence

- Screenshot: https://urlscan.io/screenshots/019ce694-3860-766d-b5ae-7cecef5d7e36.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/22c93fea-b9af-4ea5-a6ca-633a39a5fe10
- PhishDestroy: https://phishdestroy.io/domain/metamask-wqllet.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/metamask-wqllet.gitbook.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/metamask-wqllet.gitbook.io/

Last updated: 2026-03-19