# binwindata.icu — SUSPICIOUS

> binwindata.icu is a fake data breach site pushing generic phishing scams; VirusTotal flags 4/95 vendors.

## Summary
This domain is a fake data-breach portal designed to trick victims into thinking their data has been exposed, then coerce them into clicking malicious links or downloading malware. PhishDestroy identifies it as an active scam site that lures users with fabricated breach notifications and harvests credentials or installs unwanted software. The page mimics legitimate breach-alert pages to appear urgent and convincing, so treat any unsolicited “your data leaked” messages that point here as fraudulent.  PhishDestroy’s analysis shows this domain was registered on March 29, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP 91.238.105.104. VirusTotal’s latest scan flags the site with 4 out of 95 security engines detecting malicious content, confirming it is actively distributing phishing payloads rather than being a false positive. The presence of a Let’s Encrypt SSL certificate is irrelevant—scammers routinely obtain free certificates to make their pages look legitimate, so the padlock icon alone is no guarantee of safety.  If you visited binwindata.icu, close the tab immediately and avoid clicking anything on the page. Do not enter any passwords, payment details, or personal information. Run a full antivirus scan on the device you used to access the site, and consider changing passwords for any accounts you may have typed in while the page was open. Report the domain to your email provider or local cybercrime unit so others are warned, and set browser flags to block future visits to this or similar sites.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-29 01:13:49
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 91.238.105.104

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/binwindata.icu
- PhishDestroy: https://phishdestroy.io/domain/binwindata.icu/
- LLM endpoint: https://phishdestroy.io/domain/binwindata.icu/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/binwindata.icu/
Last updated: 2026-04-10