# checkbnbusdt.com — MALICIOUS

> Avoid checkbnbusdt.com — a high-risk phishing site flagged by multiple sources. This domain is offline, but remain vigilant against similar threats.

## Summary

PhishDestroy identifies checkbnbusdt.com as a high-risk generic phishing domain. The domain was created recently on February 21, 2026, and is classified as malicious due to its involvement in deceptive activities targeting cryptocurrency users. It was registered via Dynadot LLC, a common registrar sometimes abused by threat actors. The page title discovered, "PHP 8.3.6 - phpinfo()," suggests the site may have been in testing or misconfigured, often a technique used to mask phishing content or gather system information.

Technical analysis reveals that checkbnbusdt.com resolved to the IP address 172.105.60.190 and was detected by 13 out of 95 security vendors on VirusTotal, confirming its association with phishing. Additionally, it is listed on one security blocklist and features in an AlienVault OTX threat intelligence pulse, reinforcing its suspicious nature. The domain's infrastructure and behavior align with common phishing tactics aimed at exploiting users of cryptocurrency platforms, particularly USDT (Tether) holders.

Currently, the domain is offline and no longer actively resolving, indicating that defensive actions or takedown efforts have mitigated the immediate threat. Users are advised to avoid interacting with this domain or any associated links, as residual risks or mirror sites may still pose danger. Continuous monitoring and updating of threat intelligence feeds remain essential to detect any potential resurgence or related phishing campaigns linked to checkbnbusdt.com.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: PHP 8.3.6 - phpinfo()

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: Dynadot LLC
- Country: US
- IP: 172.105.60.190
- IP Country: IN
- IP City: Mumbai
- IP Org: AS63949 Akamai Connected Cloud
- Nameservers: ["ns1.dyna-ns.net", "ns2.dyna-ns.net"]
- SSL Issuer: none

## Detection Status

- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Lionic", "Seclookup", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/0199520f-74da-72f9-9ae0-48d727db02c8.png
- PhishDestroy: https://phishdestroy.io/domain/checkbnbusdt.com/
- LLM endpoint: https://phishdestroy.io/domain/checkbnbusdt.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/checkbnbusdt.com/

Last updated: 2026-03-19