# bitcoinpenguinapp.pages.dev — SUSPICIOUS

> Domain bitcoinpenguinapp.pages.dev impersonates Bitcoin in an active phishing campaign. Flagged by 1 of 95 VirusTotal vendors, it resolves to IP 188.114.96.3.

## Summary
PhishDestroy identifies active brand impersonation on domain bitcoinpenguinapp.pages.dev targeting the Bitcoin brand. The threat is currently active and leverages the reputation of Bitcoin to deceive users into downloading malicious software or surrendering credentials.

This domain was flagged by 1 of 95 VirusTotal vendors, indicating limited but present detection across security solutions. Registered through Cloudflare, Inc., it resolves to IP 188.114.96.3 and operates under a Google Trust Services SSL certificate, which may enhance trust perception among potential victims. The campaign’s low detection rate combined with the use of a trusted registrar and SSL provider reflects an evasive and increasingly sophisticated operation.

Given the active status of this campaign and its targeting of cryptocurrency users, immediate action is required. Users encountering this domain should not interact with it, download any files, or enter sensitive information. Network defenders are advised to block traffic to IP 188.114.96.3 and the domain bitcoinpenguinapp.pages.dev at the firewall level. Enhanced monitoring for related infrastructure, especially within Cloudflare’s ecosystem, is strongly recommended. Security teams should also flag associated email addresses and wallet addresses observed in this campaign for further intelligence enrichment and takedown coordination.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Bitcoin

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/437f5873-0f5b-4eaa-9d43-e387948eb297
- PhishDestroy: https://phishdestroy.io/domain/bitcoinpenguinapp.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/bitcoinpenguinapp.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bitcoinpenguinapp.pages.dev/
Last updated: 2026-03-21