# xnb-binance.com.cn — MALICIOUS

> xnb-binance.com.cn is a malicious domain flagged as brand impersonation targeting Binance users. VirusTotal detects 5/95 security vendors and Google Safe.

## Summary
PhishDestroy identifies xnb-binance.com.cn as an active brand impersonation domain masquerading as Binance, a major cryptocurrency exchange. The domain is engineered to deceive users into divulging credentials or transferring funds to attacker-controlled wallets, fitting the crypto drainer profile. This tactic leverages Binance’s brand recognition to lend false legitimacy to the fraudulent site.

Technical indicators confirm the domain’s malicious nature. Registered through Web Commerce Communications Limited on March 26, 2026, it resolves to IP address 184.168.121.194 and is equipped with a Let’s Encrypt SSL certificate to appear trustworthy. Security vendor analysis via VirusTotal shows a detection ratio of 5/95, while Google Safe Browsing flags the domain as SOCIAL_ENGINEERING. It is currently blocked by Hagezi and appears on one additional security blocklist.

The domain remains active and poses an elevated risk to unwary users. Security teams should ensure immediate blocking via DNS, firewall, or proxy rules using the provided indicators. Users should avoid interacting with this domain entirely. Despite current mitigation efforts, the threat persists due to the domain’s recent creation and active hosting. Continuous monitoring and proactive threat hunting are recommended to detect further impersonation attempts or related infrastructure.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Binance

## Domain Intelligence
- Registered: 2026-03-26 15:39:45
- Registrar: Web Commerce Communications Limited
- IP: 184.168.121.194

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["Hagezi"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/xnb-binance.com.cn
- PhishDestroy: https://phishdestroy.io/domain/xnb-binance.com.cn/
- LLM endpoint: https://phishdestroy.io/domain/xnb-binance.com.cn/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/xnb-binance.com.cn/
Last updated: 2026-04-02