# ws.geminiij.com — SUSPICIOUS

> ws.geminiij.com is a crypto drainer impersonating login portals. Flagged by only 0 of 95 VirusTotal vendors, it steals credentials.

## Summary
PhishDestroy identifies ws.geminiij.com as an active crypto drainer impersonating login portals to steal cryptocurrency credentials and assets.

This domain was flagged by 0 of 95 VirusTotal security vendors, registered through Gname.com Pte. Ltd. on September 04, 2024. The domain resolves to IP 188.114.97.3, appears on 2 security blocklists, and holds a Google Trust Services SSL certificate. MetaMask and SEAL have already blacklisted this domain.

Current status remains active despite low detection rates. Users are strongly advised to avoid interacting with this domain or entering any credentials. Verify website safety using PhishDestroy’s real-time database before proceeding. Report suspicious activity to enhance collective threat intelligence.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-09-04 11:52:58
- Registrar: Gname.com Pte. Ltd.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["SEAL", "MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/ws.geminiij.com
- PhishDestroy: https://phishdestroy.io/domain/ws.geminiij.com/
- LLM endpoint: https://phishdestroy.io/domain/ws.geminiij.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ws.geminiij.com/
Last updated: 2026-04-04