# metamasskasxtensio.gitbook.io — MALICIOUS

> Warning: The domain metamasskasxtensio.gitbook.io impersonates MetaMask and is flagged as high-risk. Avoid interaction and verify sources carefully.

## Summary
PhishDestroy identifies metamasskasxtensio.gitbook.io as a high-risk domain impersonating the legitimate MetaMask brand. This domain was taken offline after being flagged on multiple security blocklists and by several antivirus engines. Users visiting this site risk falling victim to scams that can lead to account compromise or financial loss.

This phishing operation typically tricks users by mimicking the official MetaMask Chrome extension page, creating a sense of trust through familiar branding. The attackers exploit this trust to steal sensitive information such as private keys or login credentials. Despite being registered years ago, the domain was recently used in fraudulent activity and resolved to an IP associated with Cloudflare services, complicating immediate takedown efforts.

To stay safe, users should always verify URLs before entering sensitive data, only download extensions from official sources like the Chrome Web Store, and use security tools that block known phishing sites. If you encounter suspicious MetaMask-related domains, report them to the official MetaMask team and avoid interacting with the site. Maintaining vigilance protects your digital assets from these deceptive scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: MetaMask® chrome Extension | us

## Domain Intelligence
- Registered: 2014-03-30 06:09:09
- Expires: 2031-03-30 06:09:09
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 104.18.40.47
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: dahlia.ns.cloudflare.com hugh.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a8707-5895-728a-ab21-55decc70a867.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/51a79b0e-b9de-4c4b-a68f-44eacd898d55
- Wayback Machine: https://web.archive.org/web/https://metamasskasxtensio.gitbook.io
- PhishDestroy: https://phishdestroy.io/domain/metamasskasxtensio.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/metamasskasxtensio.gitbook.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/metamasskasxtensio.gitbook.io/
Last updated: 2026-03-19