# finance.ski — SUSPICIOUS > finance.ski impersonates Binance in a brand impersonation scam. VirusTotal shows 0/95 detections. Avoid entering credentials or crypto transactions. ## Summary PhishDestroy identifies finance.ski as a live brand impersonation scam actively masquerading as Binance. The domain poses a significant risk to users due to its malicious intent to deceive and extract sensitive information or cryptocurrency assets. This threat falls under the specific category of brand impersonation, where threat actors leverage the reputation and trust associated with a well-known brand to trick victims into engaging with malicious content. This domain exhibits multiple red flags across several cybersecurity indicators. Created on April 04, 2026, finance.ski has already been flagged for brand impersonation targeting Binance, a leading cryptocurrency exchange. VirusTotal reports 0/95 detections, indicating no current blocklist coverage despite its malicious nature. The domain resolves to IP address 188.114.97.3 and is registered through GNAME.COM PTE. LTD., a registrar with no established trust score in this context. The domain employs a Let's Encrypt SSL certificate, which is commonly abused by threat actors to add a veneer of legitimacy to their infrastructure. As of now, finance.ski has not been listed on any known blocklists, which further highlights the importance of proactive detection and mitigation. Users and organizations are strongly advised to take immediate action to mitigate the risks associated with finance.ski. First, ensure that all devices and networks implement real-time threat intelligence feeds to detect and block access to this domain. Second, verify the authenticity of any Binance-related communications by cross-referencing official channels and avoiding links from unsolicited messages or websites. Third, consider implementing browser-based protections such as uBlock Origin or similar tools configured with anti-phishing and anti-malware lists (e.g., EasyList, PhishTank, or OpenPhish) to block access to the domain outright. Finally, report this domain to relevant authorities such as PhishTank, Google Safe Browsing, or your organization's security team to contribute to collective defense efforts. Proactive monitoring and rapid response are critical to preventing financial loss or credential theft associated with brand impersonation scams like finance.ski. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Binance ## Domain Intelligence - Registered: 2026-04-04 05:30:33 - Registrar: GNAME.COM PTE. LTD. - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/finance.ski - PhishDestroy: https://phishdestroy.io/domain/finance.ski/ - LLM endpoint: https://phishdestroy.io/domain/finance.ski/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/finance.ski/ Last updated: 2026-04-06