# geminicopier.com — SUSPICIOUS > geminicopier.com mimics a legitimate copier brand to harvest credentials. Google Safe Browsing flags this domain with 0/95 VirusTotal detections. ## Summary PhishDestroy identifies geminicopier.com as an active credential theft site disguised as a copier service portal. This domain leverages brand impersonation to trick users into surrendering login credentials, posing a direct risk to enterprise and personal accounts. The site’s SSL certificate issued by Sectigo Limited provides a false sense of legitimacy, while its recent creation on April 10, 2026, suggests opportunistic deployment targeting unaware visitors. With zero detections on VirusTotal (0/95 engines) and a Google Safe Browsing label of SOCIAL_ENGINEERING, this domain flies under the radar while actively phishing for sensitive information. Technical indicators further corroborate malicious intent. Registered through NAMECHEAP INC, a registrar often abused for low-cost malicious domains, geminicopier.com resolves to IP 68.65.122.222, a hosting environment frequently associated with transient fraudulent infrastructure. The domain’s lack of historical reputation and absence of detections despite active scanning highlights the evolving tactics of threat actors who rely on short-lived domains to evade detection. Given its classification and behavior, this site is almost certainly part of a coordinated campaign aimed at harvesting credentials under the guise of a trusted office equipment brand. Users who accessed this domain should immediately audit any credentials entered and consider them compromised. Reset passwords on affected accounts using a trusted device and enable multi-factor authentication where available. Report the domain to your security team or via Google Safe Browsing to help block future access. Avoid interacting with this site and verify any unsolicited links through official channels before proceeding. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-10 09:34:07 - Registrar: NAMECHEAP INC - IP: 68.65.122.222 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/geminicopier.com - PhishDestroy: https://phishdestroy.io/domain/geminicopier.com/ - LLM endpoint: https://phishdestroy.io/domain/geminicopier.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/geminicopier.com/ Last updated: 2026-04-10