# metamasxlodsi.gitbook.io — MALICIOUS

> metamasxlodsi.gitbook.io mimics MetaMask in a high-risk phishing attempt. Stay vigilant and avoid interacting with this domain to protect your assets.

## Summary
PhishDestroy identifies metamasxlodsi.gitbook.io as a high-risk domain engaged in brand impersonation targeting MetaMask users. This deceptive site uses a closely related page title "Metamask" to lure unsuspecting victims into revealing sensitive information.

The domain was registered on March 10, 2026, through Cloudflare, Inc., and resolves to IP address 172.64.147.209. It has been flagged on two security blocklists and detected by 15 out of 95 VirusTotal scanning engines, reinforcing its malicious intent. Such indicators demonstrate a well-orchestrated effort to exploit the trust users place in the legitimate MetaMask brand.

Currently, the domain is offline, which reduces immediate risk. However, vigilance is crucial as threat actors often reemerge with new variations. Users should avoid clicking on links related to this domain and report any suspicious activity to their security teams. PhishDestroy continues to monitor for similar impersonation campaigns to help protect the community.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: Metamask

## Domain Intelligence
- Registered: 2026-03-10 13:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.64.147.209
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: dahlia.ns.cloudflare.com hugh.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd7a3-fe44-7363-b02b-d1e008feed9f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/de3a2ebe-a5f1-428c-8df5-b94d2e1ef677
- PhishDestroy: https://phishdestroy.io/domain/metamasxlodsi.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/metamasxlodsi.gitbook.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/metamasxlodsi.gitbook.io/
Last updated: 2026-03-19