# methadfmscklogon.gitbook.io — MALICIOUS

> Stay safe from phishing attempts targeting MetaMask. The domain methadfmscklogon.gitbook.io is malicious. Avoid interaction and report suspicious activity.

## Summary
PhishDestroy identifies methadfmscklogon.gitbook.io as a high-risk brand impersonation phishing domain targeting MetaMask users. The site mimics the official MetaMask login page with the title "MetaMask® - Login | us," aiming to deceive users into divulging sensitive credentials. This classification is based on its clear intent to impersonate a well-known cryptocurrency wallet service.

Technically, the domain resolves to the IP address 104.18.40.47 and was registered through Cloudflare, Inc. Although created in 2014, its recent malicious activity triggered flags on three major security blocklists. VirusTotal analysis shows 14 out of 95 security vendors have detected it as malicious. These indicators confirm the domain’s involvement in phishing campaigns designed to harvest user data.

Currently, methadfmscklogon.gitbook.io is offline, indicating that mitigation efforts have been effective. Users are advised to remain vigilant against similar phishing attempts and avoid interacting with suspicious domains purporting to represent MetaMask. PhishDestroy continues monitoring such threats to ensure user safety and awareness.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MetaMask
- Page title: MetaMask® - Login | us

## Domain Intelligence
- Registered: 2014-03-30 06:09:09
- Expires: 2031-03-30 06:09:09
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 104.18.40.47
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: dahlia.ns.cloudflare.com hugh.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a5466-15a7-7602-9409-9f3b39d5023b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/fb16b8c8-0fb5-4371-b12d-df349ed0f5f7
- Wayback Machine: https://web.archive.org/web/https://methadfmscklogon.gitbook.io
- PhishDestroy: https://phishdestroy.io/domain/methadfmscklogon.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/methadfmscklogon.gitbook.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/methadfmscklogon.gitbook.io/
Last updated: 2026-03-19