# metarapid.github.io — MALICIOUS

> Avoid metarapid.github.io—this impersonation site poses a high phishing risk targeting MetaMask users. The domain is offline but remains dangerous.

## Summary
PhishDestroy identifies metarapid.github.io as a high-risk phishing domain engaged in brand impersonation targeting MetaMask users. The domain aimed to deceive visitors with a page titled "Download MetaMask Extension for Desktop and Mobile," increasing the threat to cryptocurrency users.

Evidence supporting this risk includes its creation date dating back to 2013, registration through GitHub, Inc., and resolution to a GitHub-associated IP address (185.199.109.153). The domain triggered alerts from 13 out of 95 security vendors on VirusTotal and appears on two separate security blocklists, confirming its malicious intent and suspicious infrastructure.

Currently, metarapid.github.io is offline, reducing immediate risk, but users should remain vigilant and avoid any similar URLs impersonating MetaMask. PhishDestroy recommends verifying official sources and using direct links from MetaMask’s verified websites and app stores to prevent compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: MetaMask
- Page title: Download MetaMask Extension for Desktop and Mobile

## Domain Intelligence
- Registered: 2013-03-08 00:00:00
- Expires: 2027-03-08 00:00:00
- Registrar: GitHub, Inc.
- Country: US
- IP: 185.199.109.153
- IP Country: US
- IP City: San Francisco
- IP Org: AS54113 Fastly, Inc.
- Nameservers: dns1.p05.nsone.net dns2.p05.nsone.net dns3.p05.nsone.net ns-1622.awsdns-10.co.uk ns-692.awsdns-22.net
- SSL Issuer: Let's Encrypt / R12

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Netcraft", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b65ae-b293-711c-9a74-da7562461d6b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/fa1ffcff-732e-4e7f-ae2e-323ea0cbda76
- Wayback Machine: https://web.archive.org/web/https://metarapid.github.io
- PhishDestroy: https://phishdestroy.io/domain/metarapid.github.io/
- LLM endpoint: https://phishdestroy.io/domain/metarapid.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/metarapid.github.io/
Last updated: 2026-03-19