# metamasksso.gitbook.io — MALICIOUS > metamasksso.gitbook.io impersonates MetaMask SSO with 6/95 VirusTotal detections. Check the full report. ## Summary PhishDestroy identifies metamasksso.gitbook.io as an active brand impersonation site targeting MetaMask users through fake SSO claims. The domain uses a deliberately misleading subdomain and page title (Metamask extension | us) to deceive visitors into downloading malicious extensions or surrendering credentials. This elevated-risk site leverages Cloudflare’s infrastructure to obscure its origin while maintaining HTTPS trust through Google Trust Services, a tactic observed in credential phishing campaigns against cryptocurrency users. This domain was flagged by 6 out of 95 VirusTotal security vendors at last inspection, indicating partial but not universal detection. It resolves to IP 172.64.147.209 via Cloudflare, Inc (registered March 30, 2014) — an unusually long-standing domain repurposed for fraud. The page title explicitly mimics MetaMask’s official branding, and the presence of a fake SSO portal suggests a targeted attempt to harvest login credentials under the guise of a legitimate MetaMask extension. The low absolute detection rate (6/95) combined with high infrastructure trust (Google Trust Services SSL, Cloudflare CDN) increases risk of successful deception. To mitigate exposure, users should avoid clicking links from unsolicited messages claiming to be MetaMask SSO. Always verify the domain at the official site (metamask.io) and use browser extensions or security tools that detect impersonation pages. Organizations should add this domain to network blocklists and educate teams on recognizing SSO-themed phishing lures. Report suspected phishing attempts to MetaMask’s official security channels to aid in takedown efforts. ## Threat Details - Verdict: MALICIOUS - Site status: cloaking (HTTP ?) - Target brand: MetaMask - Page title: Metamask extension | us ## Domain Intelligence - Registered: 2014-03-30 06:09:09 - Registrar: Cloudflare, Inc - IP: 172.64.147.209 ## Detection Status - VirusTotal: 6 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/7b7aee45-f391-42b8-a97c-7f88be110f3c - PhishDestroy: https://phishdestroy.io/domain/metamasksso.gitbook.io/ - LLM endpoint: https://phishdestroy.io/domain/metamasksso.gitbook.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/metamasksso.gitbook.io/ Last updated: 2026-04-14