# germnilogen.gitbook.io — MALICIOUS

> germnilogen.gitbook.io is a credential harvesting domain impersonating GitBook documentation sites. 15/95 VirusTotal detections. Check the full report.

## Summary

PhishDestroy identifies germnilogen.gitbook.io as a HIGH-RISK credential-harvesting domain actively masquerading as a GitBook documentation portal to trick users into surrendering login credentials. The site employs convincing UI elements and social-engineering tactics to harvest passwords, session tokens, and multi-factor authentication codes, posing immediate risk to personal accounts and corporate assets.

This domain was flagged by Google Safe Browsing under SOCIAL_ENGINEERING, with 15 out of 95 VirusTotal security vendors flagging the URL as malicious. It resolves to IP 172.64.147.209, is registered through Cloudflare, Inc., and holds an SSL certificate issued by Google Trust Services. The domain was created on March 30, 2014, giving it a deceptive appearance of legitimacy while serving as an active phishing endpoint.

To mitigate credential theft from this domain, users should immediately revoke any reused passwords, enable account recovery options, and avoid visiting the site. Security teams should block 172.64.147.209 and *.germnilogen.gitbook.io at the network perimeter. If credentials were entered, perform a forced password reset and audit account activity for unauthorized access. Always verify URLs via trusted sources before entering login details.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc
- IP: 172.64.147.209

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/c9eb71a5-fb83-4ca8-9747-257e3b3cb247
- PhishDestroy: https://phishdestroy.io/domain/germnilogen.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/germnilogen.gitbook.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/germnilogen.gitbook.io/

Last updated: 2026-03-23