# gebyar-shopee96.blogspot.com — MALICIOUS

> gebyar-shopee96.blogspot.com is a crypto drainer impersonating Shopee. 11/95 VirusTotal detections confirm fraud.

## Summary

PhishDestroy identifies gebyar-shopee96.blogspot.com as an active phishing page posing as Shopee to harvest user credentials and session tokens. Security telemetry shows the domain resolves to 142.251.208.1 and carries a Google Trust Services SSL certificate to appear legitimate; however, 11 of 95 VirusTotal security vendors already flag it as malicious, indicating a high likelihood of fraudulent activity. This domain is part of an ongoing campaign to drain cryptocurrency wallets after tricking victims into entering their login details.

This domain was flagged by 11 out of 95 VirusTotal scanners at the time of discovery; it currently resolves to IP 142.251.208.1 and routes traffic through Google’s infrastructure to evade basic blocking. The page impersonates Shopee’s login interface, a well-known e-commerce platform in Southeast Asia, and uses a valid SSL certificate issued by Google Trust Services to enhance credibility. Public records show it is hosted on Blogger, a free publishing platform often abused by threat actors for quick deployment. The campaign is active and rapidly evolving, with limited blocklist coverage due to short domain lifetimes and shared hosting environments.

Users who visited gebyar-shopee96.blogspot.com should immediately revoke any active sessions on Shopee, change passwords using a clean device, and inspect browser extensions and wallets for unauthorized transactions. Do not reuse passwords across services and enable two-factor authentication on all accounts. Report suspicious links to PhishDestroy for confirmation and avoid entering sensitive information on untrusted pages. If wallet access was granted, revoke connected permissions and transfer remaining assets to a secure wallet. Monitor financial accounts closely for signs of unauthorized activity.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 142.251.208.1

## Detection Status

- VirusTotal: 11 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/7371427f-8da1-4cf2-84f3-745bc7e680e8
- PhishDestroy: https://phishdestroy.io/domain/gebyar-shopee96.blogspot.com/
- LLM endpoint: https://phishdestroy.io/domain/gebyar-shopee96.blogspot.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/gebyar-shopee96.blogspot.com/

Last updated: 2026-03-21