# bnbit.win — SUSPICIOUS

> PhishDestroy warns that bnbit.win is a crypto drainer impersonating Bybit. Domain created March 2026; 0/95 VirusTotal detections. Verify URLs before trading.

## Summary
PhishDestroy identifies bnbit.win as an active crypto drainer scam impersonating the Bybit exchange, posing a direct threat to cryptocurrency traders. The domain's primary objective is to trick victims into connecting wallets or entering credentials, enabling unauthorized fund transfers. Given the recent domain registration date and lack of detection on VirusTotal, users should treat this as a high-risk threat until further analysis confirms otherwise.  This domain exhibits multiple red flags across key threat intelligence vectors. Domain creation occurred on March 09, 2026, with resolution to IP address 172.67.145.206. The malicious infrastructure is hosted under a Let's Encrypt SSL certificate, while domain registration was processed through Gname.com Pte. Ltd. Notably, the domain currently shows zero detections across 95 VirusTotal scans, indicating it remains undetected by most security vendors. These factors suggest either a newly deployed threat or one deliberately avoiding detection through low-profile infrastructure.  The absence of blocklist entries or trust score degradation should not be interpreted as safety assurance. Users must implement platform-specific verification protocols before engaging with Bybit-related domains. Immediately block traffic to 172.67.145.206 at network boundaries, and instruct employees to access Bybit exclusively via verified bookmarks or the official bybit.com domain. Enable wallet connection warnings in browser extensions like PhishDestroy to intercept malicious dApps. Organizations should also report this domain to Gname.com for takedown through their abuse channels while monitoring for related certificate issuances.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Bybit

## Domain Intelligence
- Registered: 2026-03-09 20:47:00
- Registrar: Gname.com Pte. Ltd.
- IP: 172.67.145.206

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/bnbit.win
- PhishDestroy: https://phishdestroy.io/domain/bnbit.win/
- LLM endpoint: https://phishdestroy.io/domain/bnbit.win/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bnbit.win/
Last updated: 2026-04-07