# de-bank.run — MALICIOUS

> Stay safe online! The domain de-bank.run is a known banking phishing site now offline. Avoid visiting and report suspicious links immediately.

## Summary
PhishDestroy identifies de-bank.run as a high-risk banking phishing domain designed to steal user credentials by masquerading as a legitimate financial institution. Classified under banking phishing threats, this domain targeted unsuspecting users seeking online banking services.

Technical analysis reveals de-bank.run was registered on February 21, 2026, through a dead domain registrar, raising suspicion about its legitimacy. VirusTotal flagged the domain by 11 security vendors, and it appeared on 4 separate security blocklists, indicating widespread recognition of its malicious nature. These indicators highlight the domain’s use in coordinated phishing campaigns to capture sensitive banking information.

Currently, de-bank.run is offline, mitigating immediate risk to users. PhishDestroy recommends continued vigilance and avoidance of any links associated with this domain. Users are urged to report suspicious emails or messages referencing this domain and to verify the authenticity of banking websites before entering credentials.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Target brand: Ethereum
- Page title: DeBank | Your go-to portfolio tracker for Ethereum and EVM

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 104.21.80.1
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- SSL Issuer: WE1

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Fortinet", "G-Data", "Lionic", "Seclookup", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019929b8-aa50-768a-8bc3-f4a70bce390a.png
- PhishDestroy: https://phishdestroy.io/domain/de-bank.run/
- LLM endpoint: https://phishdestroy.io/domain/de-bank.run/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/de-bank.run/
Last updated: 2026-03-19