# bpmplatform.com — SUSPICIOUS > bpmplatform.com hosts a fake login phishing page stealing crypto credentials; verify on PhishDestroy. IP 188.114.96.3 linked to 1/95 VirusTotal detections. ## Summary PhishDestroy identifies bpmplatform.com as an active phishing domain leveraging a fake login page designed to harvest cryptocurrency wallet credentials. The elevated risk stems from its role in a credential theft campaign targeting unsuspecting users. Early detection metrics indicate this domain has been weaponized since its creation, with threat actors repurposing a long-standing domain to lend credibility to their malicious infrastructure. This domain was flagged by a single security vendor out of 95 on VirusTotal, suggesting limited but present recognition of its malicious nature. It resolves to IP address 188.114.96.3, which is associated with GoDaddy’s infrastructure, as the domain was registered through GoDaddy.com, LLC on February 24, 2012. Despite its age, the domain has been compromised or repurposed for malicious use, with SSL certification provided by Google Trust Services—highlighting the deceptive use of legitimate certificate authorities to bypass detection. The low detection rate among vendors underscores the challenge in identifying such long-lived malicious domains, especially when leveraging trusted hosting providers or certificate issuers. Given the specific threat of a crypto drainer phishing scheme, users should avoid interacting with bpmplatform.com entirely. If credentials or crypto wallet access has been provided to this domain, disconnect affected wallets immediately, revoke any permissions granted, and initiate wallet recovery procedures through the legitimate platform. Organizations are advised to block this domain at the network perimeter and scan endpoints for signs of credential compromise. Always verify links and domains via PhishDestroy prior to engagement to prevent exposure to credential harvesting attacks. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2012-02-24 20:59:26 - Registrar: GoDaddy.com, LLC - IP: 188.114.96.3 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/643bc38e-4911-4ba3-9e16-e45f604180c7 - PhishDestroy: https://phishdestroy.io/domain/bpmplatform.com/ - LLM endpoint: https://phishdestroy.io/domain/bpmplatform.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/bpmplatform.com/ Last updated: 2026-03-23