# bnb-1.vip — SUSPICIOUS

> PhishDestroy identifies bnb-1.vip as a suspected BNB Chain impersonation domain with a crypto drainer threat.

## Summary

PhishDestroy’s ongoing investigation has flagged bnb-1.vip as an active domain deploying brand impersonation tactics targeting BNB Chain users. The site is currently under review but remains accessible, posing a high-risk threat to cryptocurrency holders unaware of its fraudulent nature. Technical indicators show SSL certificates issued by Google Trust Services, resolving to IP 104.21.73.168, and registration through Gname.com Pte. Ltd. on October 12, 2025. Current detection rates on VirusTotal stand at 0 detections out of 95 scanners, and preliminary assessments indicate no presence on major blocklists or reputation engines. The domain’s recent creation date and absence of security flags suggest an emerging campaign designed to exploit trust in legitimate BNB Chain services.

This domain leverages the BNB Chain brand’s credibility to deceive users into connecting wallets or entering credentials under false pretenses. The use of a Google Trust Services certificate is a common tactic employed by threat actors to appear legitimate, while the hosting infrastructure on 104.21.73.168—shared with multiple high-risk domains—further compounds the risk profile. Registrar data indicates anonymity protections typical of malicious registrations, with Gname.com Pte. Ltd. often implicated in fraudulent domain acquisitions. The zero detection rate on VirusTotal highlights a critical window of opportunity for attackers to operate undetected before security vendors catch up. The domain’s recent creation aligns with the rise of crypto drainer campaigns targeting decentralized finance users.

Mitigation for this brand impersonation threat requires immediate action. Users should avoid accessing bnb-1.vip entirely and report the domain to security teams or browser blocklists. Block the resolving IP 104.21.73.168 at the network perimeter to prevent further access. Organizations should update threat intelligence feeds to include this domain and distribute warnings to employees or customers who may interact with BNB Chain services. Consider deploying DNS sinkholes or web filtering rules to block resolution entirely. For cryptocurrency users, remain vigilant for unsolicited links in emails, social media, or messaging platforms—especially those referencing BNB Chain or wallet updates. If credentials or wallet connections were entered, revoke permissions immediately via the official BNB Chain platform and enable two-factor authentication on all accounts. Monitor blockchain activity for unauthorized transfers, as crypto drainers often execute transactions within minutes of connection.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-10-12 19:04:50
- Registrar: Gname.com Pte. Ltd.
- IP: 104.21.73.168

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/3578f21f-b1da-4196-8f21-c7c5f4e0efd8
- PhishDestroy: https://phishdestroy.io/domain/bnb-1.vip/
- LLM endpoint: https://phishdestroy.io/domain/bnb-1.vip/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/bnb-1.vip/

Last updated: 2026-03-28