# upihlodlognim.gitbook.io — SUSPICIOUS

> PhishDestroy identifies upihlodlognim.gitbook.io as a suspected crypto drainer phishing site. VirusTotal shows 0/95 detections.

## Summary

PhishDestroy flags upihlodlognim.gitbook.io as an ACTIVE crypto drainer-linked domain impersonating legitimate GitBook content to steal cryptocurrency. Risk level is under_investigation, but the domain remains ACTIVE due to ongoing abuse. This platform typically disguises malicious payloads as software downloads or wallet integrations, luring users into authorizing fraudulent crypto transfers via compromised browser extensions or fake transaction approvals. Credential theft via fake login overlays is also reported in similar GitBook-hosted campaigns.

This domain was flagged by PhishDestroy’s automated pipeline and remains unblocked by most engines, as its VirusTotal score of 0/95 detections reflects. The infrastructure details reveal registration through Cloudflare, Inc on March 30, 2014, resolving to IP 104.18.40.47 with a Google Trust Services SSL certificate—common cloaking tactics among crypto drainers. Its age suggests potential long-term abuse, while Cloudflare hosting facilitates rapid domain rotation and evasion. Current threat intelligence indicates crypto drainer payloads are injected via embedded scripts, redirecting users to fake wallet interfaces or clipboard malware. No confirmed blocklist inclusion was detected at time of analysis, reinforcing the need for proactive domain monitoring.

Users must NEVER authorize transactions or enter seed phrases on this domain or any GitBook page requesting crypto wallet connections. Enable wallet allowlists, revoke unknown permissions via MetaMask or Phantom, and inspect browser extensions for unauthorized permission grants. Report suspicious GitBook domains to PhishDestroy via its public submission portal. Block 104.18.40.47 at network level and warn community members via social channels to prevent further victimization. Monitor crypto wallet transaction logs for unauthorized transfers as a post-compromise indicator.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc
- IP: 104.18.40.47

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/2586e4a9-034f-4ed2-b2cc-76ed777ef41b
- PhishDestroy: https://phishdestroy.io/domain/upihlodlognim.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/upihlodlognim.gitbook.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/upihlodlognim.gitbook.io/

Last updated: 2026-04-11