# espressobot.gitbook.io — SUSPICIOUS

> espressobot.gitbook.io is a brand impersonation phishing site with 0/95 VirusTotal detections. A legacy domain exploiting GitBook hosting to mimic legitimate.

## Summary

espressobot.gitbook.io is currently under investigation as an active brand impersonation phishing domain. The site leverages a trusted GitBook subdomain to deceive visitors into surrendering sensitive credentials or cryptocurrency, posing as a legitimate crypto or service portal. Its longevity—registered in 2014—and technical infrastructure suggest a persistent threat vector that merits immediate scrutiny from security teams and end users alike.

This domain was flagged after being identified on two independent security blocklists, including MetaMask and SEAL, and resolving to IP address 104.18.40.47. It was registered through Cloudflare, Inc., holds a valid SSL certificate issued by Google Trust Services, and currently remains undetected by VirusTotal with a 0/95 detection score. The domain itself predates modern crypto drainer campaigns, having been created on March 30, 2014, and has since been repurposed for illicit activity. Despite its age and clean infrastructure profile, behavioral indicators and alignment with known phishing TTPs suggest ongoing misuse.

Brand impersonation remains a highly effective attack vector, particularly in crypto and Web3 contexts where trust is paramount. Users encountering espressobot.gitbook.io should treat it as untrusted and refrain from entering personal data, wallet credentials, or connecting crypto wallets. Enterprises are advised to block the domain at DNS and network levels, investigate any internal exposure via proxy logs, and update browser blocklists. Security teams should cross-reference this domain against recent phishing IOC feeds and monitor for related infrastructure pivots. Always verify URLs through official channels and use hardware wallets or multisig for transaction confirmation.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc
- IP: 104.18.40.47

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["MetaMask", "SEAL"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/espressobot.gitbook.io
- PhishDestroy: https://phishdestroy.io/domain/espressobot.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/espressobot.gitbook.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/espressobot.gitbook.io/

Last updated: 2026-04-08