# PhishDestroy threat dossier — viewsbsc.info
================================================================

Fetched:   2026-04-23 07:49:35 UTC
Canonical: https://phishdestroy.io/domain/viewsbsc.info/

## VERDICT
----------------------------------------------------------------
TAKEN DOWN (neutralised)
Composite threat score: 91/100 (PhishDestroy scoring — see methodology below)
Scam classification: Impersonation
Targeted brand: Binance

## DETECTION EVIDENCE
----------------------------------------------------------------
VirusTotal:      1/94 security vendors flagged this domain

## INFRASTRUCTURE
----------------------------------------------------------------
IP address:      77.245.76.110 (GB, Gosport)
ASN:             AS20860 IOMART CLOUD SERVICES LIMITED
Hosting org:     Redstation Limited
Registrar:       GoDaddy.com, LLC
Nameservers:     ns65.domaincontrol.com, ns66.domaincontrol.com
Registered:      2026-03-31
Expires:         2027-03-31
Page title:      SEND USDT - SECURE
HTTP response:   526

## TLS CERTIFICATE
----------------------------------------------------------------
Issuer:     Let's Encrypt / R12
Expires:    2026-07-12
Status:     INVALID chain
Fingerprint: 35d60b102edfb7014c199960432eeb64d34036460f2fb566b45cc907816cb2ac
Subject Alternative Names (related infrastructure — often same operator):
  - wallettest.site
  - www.wallettest.site

## ABUSE-REPORT HISTORY (evidence of registrar non-response)
----------------------------------------------------------------
Status: CLOSED — no report required.
This domain was neutralised before the abuse-report cycle could be dispatched — either
the hosting provider / registrar suspended it on their own, the DNS went dead, or the
operator abandoned the infrastructure. PhishDestroy keeps the evidence bundle on file
for audit but no formal notice was sent.

## TIMELINE
----------------------------------------------------------------
Domain registered: 2026-03-31 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration)
First detected:    2026-03-31 16:34:27 UTC (by PhishDestroy tracker)
First reported:    2026-03-31 13:34:13 UTC (abuse notice filed)
Last verified:     2026-04-23 09:15:38 UTC
Neutralised:       2026-04-03 01:51:40 UTC
Current status:    taken down (registrar suspended or DNS dead)

## EXTERNAL CORROBORATION (third-party evidence)
----------------------------------------------------------------
URLScan.io:       https://urlscan.io/result/019d4416-e5a0-7637-ae86-f8f189101253/
URLQuery:         https://urlquery.net/report/ffc43e7e-e3fb-4ada-b84b-758628aa7ac8
Wayback Machine:  https://web.archive.org/web/*/viewsbsc.info
crt.sh CT logs:   https://crt.sh/?q=%25.viewsbsc.info
Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=viewsbsc.info
AlienVault OTX:   https://otx.alienvault.com/indicator/domain/viewsbsc.info
URLhaus:          https://urlhaus.abuse.ch/host/viewsbsc.info/

## ANALYST NARRATIVE
----------------------------------------------------------------
[Generated: 2026-03-31 16:36:48 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.]

This investigation report focuses on viewsbsc.info, a domain identified as an active generic phishing site engaged in fake login credential harvesting. The threat actor appears to impersonate Binance, a major cryptocurrency exchange, aiming to deceive users into entering their credentials through a convincing replica of the official login portal. Given the nature of the campaign—targeting cryptocurrency users with login spoofing—this poses significant risk to digital asset holders who may unknowingly surrender account access to malicious operators.  

 PhishDestroy identifies this domain as a fake login phishing site with an elevated risk level under active investigation. The domain resolves to IP address 77.245.76.110 and was registered on March 31, 2026 through GoDaddy.com, LLC. The SSL certificate, issued by Let’s Encrypt, adds superficial legitimacy. Notably, VirusTotal currently reports 0 out of 95 security vendors detecting the threat, indicating it has not yet been widely blacklisted or flagged by automated systems. No known IP or domain blocklists were identified in public sources at the time of analysis, and registrant trust scores remain unverified due to privacy protection likely enabled by the registrar. This combination of recent registration, clean detection record, and operational status suggests the threat is still in an early or testing phase.  

 Mitigation begins with user awareness: avoid accessing the domain or any link sent via unsolicited email, SMS, or social media. Verify any crypto-related login URL by manually typing the official domain (binance.com) into your browser or using a trusted bookmark. Enable two-factor authentication (2FA) on your Binance account and consider using hardware-based authenticators. Cryptocurrency users should also monitor account activity closely and revoke any unauthorized device sessions. If you suspect interaction with this domain, immediately change your account password, enable enhanced security settings, and report the incident to Binance support. Use PhishDestroy’s scanner to validate URLs before clicking, as this domain—and likely similar variants—pose a credible ongoing threat to crypto wallet and exchange users.

## EVIDENCE HASHES
----------------------------------------------------------------
PhishDestroy Case ID:  PD-20260331-DB90BE
TLS cert SHA-256:      35d60b102edfb7014c199960432eeb64d34036460f2fb566b45cc907816cb2ac

## SCORING METHODOLOGY
----------------------------------------------------------------
Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates:
  - VirusTotal positive ratio
  - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus,
    CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB)
  - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor)
  - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.)
  - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing
  - URLScan / URLQuery verdicts
  - Brand-impersonation heuristics (DOM analysis of forms, logos, wording)
  - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures)
  - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...)
  - Free-TLS vs paid-cert ratio (throwaway infrastructure signal)
  - Registrar/hosting abuse history (this registrar's track record)
  - Human researcher sign-off (volunteer takedown team)

A domain present in our database is ALREADY flagged. A low VT count by itself does
NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their
first 7–30 days while actively draining wallets. Always cross-reference the composite
score and the individual indicators above, not just VT.

## CORRECTIONS / APPEALS
----------------------------------------------------------------
Full HTML report:  https://phishdestroy.io/domain/viewsbsc.info/
JSON API:          https://api.destroy.tools/v1/check?domain=viewsbsc.info
Appeal a flag:     https://phishdestroy.io/appeals/  (responded to within 48 hours, FP rate <0.01%)
Submit a report:   https://t.me/PhishDestroy_bot

About PhishDestroy: volunteer-driven open-source threat-intelligence platform.
Tracked: 131,000+ phishing domains. Confirmed takedowns: 91,000+. Site: https://phishdestroy.io