# mtasmskzxtntln.gitbook.io — MALICIOUS

> mtasmskzxtntln.gitbook.io is a verified crypto drainer site, stealing wallet funds via fake token offers. VT score 16/95, blocked by OpenPhish.

## Summary

PhishDestroy identifies mtasmskzxtntln.gitbook.io as an active crypto drainer posing as a legitimate service. The site exploits GitBook's platform to host fraudulent token offering pages designed to trick users into connecting their crypto wallets and signing malicious transactions. Attackers leverage the platform's trustworthiness to distribute drainer scripts that siphon digital assets, primarily targeting Ethereum and other EVM-based networks. Technical telemetry confirms the deployment of a drainer kit simulating token airdrops or investment opportunities to deceive users into authorizing wallet access and fund transfers.

This domain exhibits multiple indicators of compromise: it is flagged by 16 of 95 security vendors on VirusTotal and is listed on the OpenPhish blocklist. Registered through Cloudflare, Inc., it resolves to IP address 104.18.40.47 and was created on March 30, 2014. The site holds a valid SSL certificate issued by Google Trust Services, possibly enhancing its credibility. It appears on one external security blocklist and has been confirmed malicious by reputable threat intelligence sources, reinforcing its role in active fraud campaigns.

As of the latest assessment, mtasmskzxtntln.gitbook.io remains online and active in circulating cryptocurrency drainer payloads. PhishDestroy has flagged this domain for elevated risk due to ongoing exploitation in real-world attacks. Users are urged to avoid interacting with the site and verify any GitBook-hosted crypto-related pages using PhishDestroy's real-time scanner. While Cloudflare infrastructure is used for hosting, the security risks remain high due to persistent malicious content. Immediate avoidance and reporting are strongly recommended to prevent financial loss.
## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc
- IP: 104.18.40.47

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: ["OpenPhish"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/52cc9e30-c6d2-4d81-a4f8-0bc0f6184bc1
- PhishDestroy: https://phishdestroy.io/domain/mtasmskzxtntln.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/mtasmskzxtntln.gitbook.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/mtasmskzxtntln.gitbook.io/

Last updated: 2026-04-12