# metmsklzgn.gitbook.io — SUSPICIOUS

> metmsklzgn.gitbook.io hosts a crypto drainer impersonating unknown brands. Flagged by 0 of 95 VirusTotal vendors, blocked by PhishDestroy and MetaMask.

## Summary

The domain metmsklzgn.gitbook.io is currently under active investigation for hosting a crypto drainer, a type of malicious software designed to steal cryptocurrency assets from victims by intercepting and replacing wallet addresses or transaction details. This threat is categorized as a high-risk crypto drainer operation, with multiple security vendors and browser extensions already blocking access to the site. The current status of this investigation remains active, indicating ongoing monitoring and potential escalation as new intelligence emerges.

This domain was flagged by 3 security blocklists, including PhishDestroy, MetaMask, and SEAL, while VirusTotal currently shows 0 detections out of 95 vendors. The domain is registered through Cloudflare, Inc., resolves to the IP address 172.64.147.209, and holds an SSL certificate issued by Google Trust Services. The domain was created on March 30, 2014, which may indicate either a long-standing but recently compromised domain or a deliberate attempt to appear legitimate through age. These technical indicators suggest a sophisticated setup aimed at evading detection while maintaining plausible deniability through trusted infrastructure providers.

Given the active status of this threat and the specific targeting of cryptocurrency users, PhishDestroy recommends immediate avoidance of this domain and any associated links or advertisements. Users should verify the authenticity of any crypto-related websites independently, such as by cross-referencing official sources or using trusted browser extensions for real-time blocking. Additionally, crypto wallet users should enable transaction simulation tools or hardware wallet confirmations to detect and prevent unauthorized transactions. Organizations are advised to update their threat intelligence feeds to include this domain and monitor for any emerging campaigns leveraging similar infrastructure. Proactive measures, including user education on crypto drainer tactics, are critical to mitigating the risk of asset loss.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc
- IP: 172.64.147.209

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/ee24f7fd-12fb-4384-9b8e-e29e789a76e9
- PhishDestroy: https://phishdestroy.io/domain/metmsklzgn.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/metmsklzgn.gitbook.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/metmsklzgn.gitbook.io/

Last updated: 2026-03-31