# geminxi-logen.gitbook.io — MALICIOUS

> geminxi-logen.gitbook.io impersonates a legitimate service while deploying a fake login phishing page.

## Summary
PhishDestroy identifies geminxi-logen.gitbook.io as an active fake login phishing domain posing elevated risk. This site, registered through Cloudflare on March 30, 2014, leverages a Google Trust Services SSL certificate to appear legitimate while attempting credential theft. VirusTotal analysis confirms detection by 7 of 95 security vendors, and Google Safe Browsing flags it specifically for social engineering attacks. The domain's age and Cloudflare registration obscure origin while the Google SSL certificate adds a false veneer of authenticity to deceive potential victims.

Technical analysis reveals that geminxi-logen.gitbook.io resolves to IP address 172.64.147.209, which is associated with hosting infrastructure known to support phishing operations. The domain's age (established in 2014) suggests it may have initially been legitimate but is now compromised or repurposed by threat actors. The presence of 7 detections on VirusTotal, while not definitive proof of malicious intent, combined with Google's social engineering classification and minimal community trust indicators, elevates the threat level to 'elevated.' The use of a legitimate-looking GitBook subdomain demonstrates a common tactic to bypass basic domain reputation checks.

Users who have visited geminxi-logen.gitbook.io should immediately check for unauthorized account access, enable two-factor authentication on all relevant accounts, and scan local devices with updated antivirus software. If any credentials were entered, change passwords immediately and monitor accounts for suspicious activity. Report this domain through PhishDestroy's verification system to help block future threats. Avoid interacting with suspicious login prompts and verify service websites directly from official sources before submitting credentials.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc
- IP: 172.64.147.209

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/156160bd-cb9f-4bce-bdce-04734a98acdd
- PhishDestroy: https://phishdestroy.io/domain/geminxi-logen.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/geminxi-logen.gitbook.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/geminxi-logen.gitbook.io/
Last updated: 2026-03-28