# bitcoinub.com — MALICIOUS

> bitcoinub.com posed a serious phishing threat by impersonating Bitcoin. Now offline, learn why this domain was flagged for social engineering risks.

## Summary
PhishDestroy identifies bitcoinub.com as a high-risk brand impersonation domain targeting Bitcoin users. Its primary threat type is social engineering designed to deceive visitors by mimicking the trusted Bitcoin brand, aiming to steal sensitive data or funds.

This domain was flagged by Google Safe Browsing for social engineering and appears on one security blocklist, confirming its malicious intent. VirusTotal analysis showed 13 out of 95 security vendors detecting suspicious activity connected to it. The domain resolved to IP address 104.21.112.1 and was registered through Key-Systems GmbH on February 21, 2026. The webpage was offline at the time of analysis and displayed a "521: Web server is down" error, indicating it was taken down, likely due to its fraudulent use.

Users are urged to avoid bitcoinub.com or any similar domains impersonating well-known cryptocurrency brands. PhishDestroy recommends ensuring browser and security tools are up to date to block such phishing attempts proactively. Since the domain is currently offline, the immediate risk is mitigated, but vigilance remains crucial as threat actors may register new variants to continue phishing campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: Bitcoin
- Page title: bitcoinub.com | 521: Web server is down

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Key-Systems GmbH
- Country: DE
- IP: 104.21.112.1
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["alaric.ns.cloudflare.com", "mckenzie.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/0198cb56-8757-77d7-8a6b-769883c154d8.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/7ade3aa6-5da7-4c04-8cf7-0a603c4dc0e4
- PhishDestroy: https://phishdestroy.io/domain/bitcoinub.com/
- LLM endpoint: https://phishdestroy.io/domain/bitcoinub.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bitcoinub.com/
Last updated: 2026-03-19