mass.report
Scan Intelligence Report0/100
critical Risk
gmbl.sy99.de
https://gmbl.sy99.de/
IP
43.174.247.33 · ACE
Location
Singapore, Singapore
Domain Age
—
HTTP
200 · 15.6s
SSL
Valid· TrustAsia DV TLS RSA CA 2025, TrustAsia Technologies, Inc., CN
Status
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Gemini Balance
Vendors
26/26
Status
completed
✓ apple✓ yandex✓ apwg✓ cisa✓ spamhaus✓ emsisoft✓ mcafee✓ netcraft✓ sophos✓ urlscan✓ phishtank✓ urlquery✓ threatyeti✓ phishreport✓ openphish✓ microsoft✓ virustotal✓ google✓ eset✓ urlabuse✓ avg✓ fortiguard✓ bitdefender✓ avast✓ norton✓ brightcloud
Registered-domain escalation
Submit sy99.de as the primary IOC, enriched with evidence from hostile subdomains like gmbl.sy99.de.
KB/IOK Matches (0)—
No KB/IOK detections were recorded for this scan.
Gemini Balance
Credential Phishingfinance | technology | ecommerce · 4/5/2026
Summary
This page at gmbl.sy99.de presents a Gemini Balance login UI (页面标题包含 'Gemini Balance' and branding visuals) but is hosted on a non-official domain. The domain impersonates Gemini, leveraging a Gemini-like login interface to capture credentials. The domain name and page content do not align with Gemini's official domain, indicating a typosquat/brand impersonation attempt.
Attack Techniques (5)
Brand logo/name in page title and UI aligned with Gemini BalanceTyposquat/improper domain hosting (gmbl.sy99.de) for credential collectionLogin form present in static HTML with POST to /auth, indicating credential captureExternal assets and fonts loaded to mimic Gemini branding (tailwindcss.js, Gemini-like UI)New SSL certificate issued in 2026 on a non-official domain
Indicators of Compromise (5)
▸DOMAIN: gmbl.sy99.de (not Gemini's official domain)
▸PAGE TITLE: '验证页面 - Gemini Balance' references Gemini Balance
▸FORM ACTION: POST to https://gmbl.sy99.de/auth with a password field present in the page
▸EXTERNAL SCRIPT: /static/js/tailwindcss.js?v=7a614b9a (cloned UI framework)
▸NETWORK: assets loaded to resemble Gemini Balance UI (logo, fonts, icons)
Risk AssessmentUsed in abuse reports
This site impersonates Gemini Balance on a non-official domain gmbl.sy99.de. The page title explicitly references Gemini Balance, and the UI mirrors a credential entry flow with a password field and login form posted to /auth. The SSL cert is valid but issued to the host itself, and the domain appears newly registered with limited WHOIS visibility. The combination of brand impersonation, credential collection form, and SPA-like asset loading constitutes a high-risk phishing domain intended to harvest user credentials. Immediate action is warranted to suspend the domain and block hosting to prevent further credential theft.
Recommended Action
Suspend Domain
Cross-Reference8
URL Intelligence
Domain Intelligence
IP Intelligence
Public threat feed available — JSON API