# gemini.v947.eu.cc — SUSPICIOUS

> gemini.v947.eu.cc is a brand impersonation site targeting Gemini crypto users. VirusTotal reports 0/95 detections. Avoid entering sensitive data.

## Summary
PhishDestroy identifies gemini.v947.eu.cc as a live brand impersonation domain masquerading as the legitimate cryptocurrency platform Gemini. The domain leverages visual and textual cues to deceive visitors into believing they are interacting with an official service, likely aiming to harvest credentials or seed phrases for unauthorized wallet access. No crypto-drainer kit artifacts (e.g., Etherscan contract links, drainer.js payloads) are currently cataloged in public threat feeds, suggesting this may be an early-stage or low-sophistication campaign.  

This domain was flagged with the following technical indicators: VirusTotal detection score of 0 out of 95 engines as of the latest scan, registered via Gname.com Pte. Ltd., resolving to IP 188.114.97.3, created on October 13, 1997, secured with a Google Trust Services SSL certificate, and currently unblocked in Google Safe Browsing (GSB). Additional threat intelligence shows no inclusion in major blocklists, placing it at minimal immediate detection coverage despite active impersonation activity.  

Currently, the domain remains active and under investigation with status marked as 'active' in the threat database. No takedown or blocking action has been confirmed at this time. Given the lack of detections and absence of known drainer payloads, the risk is classified as 'under_investigation'—however, users interacting with this domain risk credential theft or cryptocurrency loss. Security teams and users are advised to block gemini.v947.eu.cc at the network and endpoint levels and avoid accessing it via any means. Monitor for updates as this investigation progresses.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Gemini

## Domain Intelligence
- Registered: 1997-10-13 04:00:00
- Registrar: Gname.com Pte. Ltd.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/gemini.v947.eu.cc
- PhishDestroy: https://phishdestroy.io/domain/gemini.v947.eu.cc/
- LLM endpoint: https://phishdestroy.io/domain/gemini.v947.eu.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gemini.v947.eu.cc/
Last updated: 2026-04-08