# bitvavonud.top — MALICIOUS

> bitvavonud.top impersonates Bitvavo in a medium-risk phishing attempt. Stay vigilant and avoid interacting with this offline domain to protect your data.

## Summary
PhishDestroy identifies bitvavonud.top as a medium-risk brand impersonation domain targeting the cryptocurrency exchange Bitvavo. The domain name closely mimics the legitimate brand, intending to deceive users into believing they are interacting with Bitvavo’s official platform. This classification is based on its use of social engineering tactics to exploit brand trust for malicious purposes.

Technical analysis reveals that bitvavonud.top was registered on February 21, 2026, through Dynadot LLC and resolved to the IP address 182.16.10.133. VirusTotal flags the domain by 9 out of 95 security vendors, and it appears on one security blocklist. Google Safe Browsing categorizes the domain under social engineering threats, confirming its phishing intent. The domain’s page title simply reflects its own name, further indicating a lack of legitimate branding elements.

The domain is currently offline, having been taken down following detection. This status limits ongoing risk, but prior activity suggests potential attempts to capture credentials or personal data by mimicking Bitvavo. Users and security researchers are advised to remain cautious of similar variants and verify URLs carefully before interacting with cryptocurrency service websites. PhishDestroy continues to monitor related threats to protect the community from emerging phishing campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: Bitvavo
- Page title: bitvavonud.top

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Dynadot LLC
- Country: US
- IP: 182.16.10.133
- IP Country: HK
- IP City: Tung Chung
- IP Org: AS45753 Netsec Limited
- Nameservers: ["ns1.dyna-ns.net.", "ns2.dyna-ns.net."]
- SSL Issuer: none

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "CyRadar", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Seclookup", "Sophos"]
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01992fd4-4537-70f5-9e02-7cfbd76f5ae1.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3b3fb40a-9dec-4aa9-8d31-7aaecbaf296c
- PhishDestroy: https://phishdestroy.io/domain/bitvavonud.top/
- LLM endpoint: https://phishdestroy.io/domain/bitvavonud.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bitvavonud.top/
Last updated: 2026-03-19