# metmsklogqn.gitbook.io — MALICIOUS

> metmsklogqn.gitbook.io impersonates MetaMask to steal credentials. This high-risk phishing domain is now offline. Stay vigilant and avoid this site.

## Summary
PhishDestroy identifies metmsklogqn.gitbook.io as a high-risk brand impersonation domain targeting MetaMask users. The domain posed a severe threat by mimicking MetaMask's login page, aiming to capture sensitive user credentials.

The domain was created on March 06, 2026, and registered via Cloudflare, Inc. It appeared on two security blocklists and was flagged by 12 out of 95 VirusTotal security vendors. It resolved to the IP address 172.64.147.209, consistent with phishing infrastructure.

Currently, metmsklogqn.gitbook.io is offline, mitigating immediate risk. Users are advised to remain cautious, avoid interacting with suspicious MetaMask-related links, and verify site authenticity before entering credentials.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: MetaMask
- Page title: #Login* | MetaMask® - Login

## Domain Intelligence
- Registered: 2026-03-06 11:15:03
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.64.147.209
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: dahlia.ns.cloudflare.com hugh.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc2df-8f6a-7455-8f8b-3c693788aa44.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/metmsklogqn.gitbook.io
- Wayback Machine: https://web.archive.org/web/https://metmsklogqn.gitbook.io
- PhishDestroy: https://phishdestroy.io/domain/metmsklogqn.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/metmsklogqn.gitbook.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/metmsklogqn.gitbook.io/
Last updated: 2026-03-19