# bnbe-init.pages.dev — SUSPICIOUS

> bnbe-init.pages.dev is linked to credential theft with a VirusTotal score of 0/95. Domain under investigation; users advised to avoid interaction.

## Summary
The domain bnbe-init.pages.dev has been identified as involved in a credential theft campaign. This campaign does not currently impersonate a specific brand nor use a known crypto drainer kit but aims to harvest user credentials through deceptive means. The domain is active and under continued investigation due to its malicious intent.

Technical indicators reveal that bnbe-init.pages.dev resolves to the IP address 188.114.96.3. The domain was registered via Cloudflare, Inc., and holds an SSL certificate issued by Google Trust Services, which may lend it an appearance of legitimacy to unsuspecting users. VirusTotal analysis shows a clean record with 0 detections out of 95 engines, indicating the domain is not yet flagged by mainstream antivirus solutions. No Google Safe Browsing (GSB) status or blocklist counts were provided, suggesting it may still evade common security filters. The domain's registration date was not specified, but the active status confirms ongoing operations.

Currently, bnbe-init.pages.dev remains active and classified as under investigation, with a risk level not yet fully assessed. The lack of detections on VirusTotal and presence of a valid SSL certificate increase the potential threat to users who might trust the site. Security teams should monitor the domain closely, update blocklists as more intelligence becomes available, and caution users against interacting with this domain. Users are advised to avoid submitting any personal or login information to this domain to mitigate the risk of credential compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b1f9fe47-ef40-4b75-8606-4b3aee3c4f64
- PhishDestroy: https://phishdestroy.io/domain/bnbe-init.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/bnbe-init.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bnbe-init.pages.dev/
Last updated: 2026-03-25