# lbankdesktop.com — SUSPICIOUS > lbankdesktop.com mimics LBank to steal crypto. VirusTotal rates it 0/95 with a Let's Encrypt SSL cert. Never download apps from this domain. ## Summary PhishDestroy identifies lbankdesktop.com as an active banking-phishing site designed to impersonate the legitimate LBank cryptocurrency exchange desktop application. The fraudulent domain uses the LBank brand to trick users into downloading a trojanized installer that can harvest credentials and private keys. Threat actors registered lbankdesktop.com on April 10, 2026, using the registrar NICENIC INTERNATIONAL GROUP CO., LIMITED, and it currently points to IP address 216.150.1.1 with a valid Let’s Encrypt SSL certificate to appear legitimate. VirusTotal shows zero detections out of 95 security engines, indicating the domain is currently under the radar despite its malicious intent. This domain was flagged as a banking-phishing threat after analysis confirmed its intent to mimic LBank’s official desktop application. Its SSL certificate was issued by Let’s Encrypt, a trusted authority that issuers often abuse to add credibility. The domain resolved to IP 216.150.1.1 and was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on April 10, 2026, which raises concerns given its recent creation and suspicious branding alignment with a major exchange. Notably, VirusTotal scanning engines have returned 0 out of 95 detections, suggesting a stealthy campaign that has not yet been widely blacklisted. If you visited lbankdesktop.com or downloaded any files from the site, assume your device may be compromised. Do not enter any credentials or private keys on this domain. Immediately disconnect from the internet, run a full antivirus scan using a trusted tool, and consider resetting passwords on other devices. Report the domain to your local cybersecurity authority and avoid similar suspicious download sites. Stay vigilant and verify software sources before installation. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-10 18:24:17 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 216.150.1.1 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e7412617-1d15-445f-a9ec-ae1a349b5f31 - PhishDestroy: https://phishdestroy.io/domain/lbankdesktop.com/ - LLM endpoint: https://phishdestroy.io/domain/lbankdesktop.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/lbankdesktop.com/ Last updated: 2026-04-14