# tu-bitget.com.cn — SUSPICIOUS

> PhishDestroy warns tu-bitget.com.cn is a fake Bitget login page distributing crypto drainers. 0/95 VirusTotal detections as of seed ada075.

## Summary
PhishDestroy identifies an active brand-impersonation threat at tu-bitget.com.cn that mimics the Bitget cryptocurrency exchange to harvest credentials and drain wallets. The domain was registered on March 22, 2026 through PDR Ltd. d/b/a PublicDomainRegistry.com and resolves to IP 154.204.135.230, where it serves a fake login portal paired with a crypto-draining script. No VirusTotal vendors currently flag the site (0/95 detections), indicating a low but dangerous window of exposure.

Exact indicators include the domain name tu-bitget.com.cn, issuer TrustAsia Technologies, Inc. SSL certificate, and creation timestamp supplied above. The registrar public profile shows no historic blocklist presence, while the hosting IP 154.204.135.230 carries no reputation score in PhishDestroy’s trust index. This combination of zero detections, a recently minted domain, and impersonation of a major exchange creates a high-risk lure for users seeking legitimate trading services.

This domain remains active as of seed ada075. Users are advised to avoid clicking any links to tu-bitget.com.cn and verify all exchange URLs against official Bitget domains before entering credentials or transferring assets. PhishDestroy recommends blocking the domain at DNS and firewall layers and reporting any observed wallet interactions to the exchange’s fraud team immediately.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Bitget

## Domain Intelligence
- Registered: 2026-03-22 23:00:19
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 154.204.135.230

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/57eb56ae-a071-48dd-b6f0-537be89e0ed4
- PhishDestroy: https://phishdestroy.io/domain/tu-bitget.com.cn/
- LLM endpoint: https://phishdestroy.io/domain/tu-bitget.com.cn/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/tu-bitget.com.cn/
Last updated: 2026-03-22