# kucoin-logink.gitbook.io — MALICIOUS

> Beware of kucoin-logink.gitbook.io, a credential phishing site targeting KuCoin users. Do not enter personal info. Stay safe and verify URLs carefully.

## Summary
PhishDestroy identifies kucoin-logink.gitbook.io as a credential phishing domain imitating KuCoin, a popular cryptocurrency exchange. The domain is classified as malicious due to its intent to harvest user credentials, potentially compromising user accounts and assets. This classification is based on its deceptive naming and hosted content designed to mimic legitimate login portals.

Technically, the domain is registered via Cloudflare, Inc and was created on March 30, 2014. It resolves to the IP address 104.18.40.47, which is part of Cloudflare's infrastructure often used to obscure origin servers. VirusTotal analysis shows that 5 out of 95 security vendors flagged this domain, indicating a moderate detection consensus for malicious activity. The use of GitBook as a hosting platform further suggests the attackers leverage free or low-cost web hosting services to propagate phishing content.

Currently, kucoin-logink.gitbook.io remains active and is considered a medium risk threat. Users are strongly advised to avoid interacting with this domain and to verify URLs before entering sensitive information. PhishDestroy recommends blocking this domain at network levels and reporting any suspicious activity related to KuCoin login attempts to official support channels. Continuous monitoring is essential to track any changes or new phishing variants using similar tactics.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Target brand: KuCoin
- Page title: KÚCÔIN LÔGIN | BITCÔIN

## Domain Intelligence
- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc
- IP: 104.18.40.47
- Nameservers: dahlia.ns.cloudflare.com hugh.ns.cloudflare.com

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "BitDefender", "CyRadar", "DNS8", "Emsisoft", "Fortinet", "G-Data", "Kaspersky", "Lionic", "MalwareURL", "Netcraft", "Sophos", "Trustwave", "VIPRE", "Webroot", "alphaMountain.ai"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Live Page Content
- Meta title: KÚCÔIN LÔGIN | BITCÔIN &amp; CRYPTÔ

### Page Text
KÚCÔIN LÔGIN | BITCÔIN & CRYPTÔ KÚCÔIN LÔGIN | BITCÔIN & CRYPTÔ ⌘ Ctrl k KÚCÔIN LÔGIN | BITCÔIN & CRYPTÔ KÚCÔIN LÔGIN | BITCÔIN & CRYPTÔ Powered by GitBook On this page Copy KÚCÔIN LÔGIN | BITCÔIN & CRYPTÔ

### External Scripts
- https://static-2c.gitbook.com/_next/static/chunks/87c73c54-095cf9a90cf9ee03.js?dpl=6c613d0df35a4381e557621982faeeb0f25a5884
- https://static-2c.gitbook.com/_next/static/chunks/21902-071d67c25a3198c5.js?dpl=6c613d0df35a4381e557621982faeeb0f25a5884
- https://static-2c.gitbook.com/_next/static/chunks/main-app-95dfd8d3dd2e941a.js?dpl=6c613d0df35a4381e557621982faeeb0f25a5884
- https://static-2c.gitbook.com/_next/static/chunks/app/global-error-8fffda4f93bd8922.js?dpl=6c613d0df35a4381e557621982faeeb0f25a5884
- https://static-2c.gitbook.com/_next/static/chunks/f5718501-8545f65f56dd58ef.js?dpl=6c613d0df35a4381e557621982faeeb0f25a5884
- https://static-2c.gitbook.com/_next/static/chunks/9071f66d-6845f9ef16b3a69b.js?dpl=6c613d0df35a4381e557621982faeeb0f25a5884
- https://static-2c.gitbook.com/_next/static/chunks/28728-db690aa75c5b02e4.js?dpl=6c613d0df35a4381e557621982faeeb0f25a5884
- https://static-2c.gitbook.com/_next/static/chunks/30290-582ca1f5a0cb4ca8.js?dpl=6c613d0df35a4381e557621982faeeb0f25a5884
- https://static-2c.gitbook.com/_next/static/chunks/59290-abc179ef89159efb.js?dpl=6c613d0df35a4381e557621982faeeb0f25a5884
- https://static-2c.gitbook.com/_next/static/chunks/32172-ef933005f6ef589b.js?dpl=6c613d0df35a4381e557621982faeeb0f25a5884

### External Links
- https://gitbook.com/docs/published-documentation/custom-domain/configure-dns#are-you-using-cloudflare
- https://www.gitbook.com/?utm_source=content&amp;utm_medium=trademark&amp;utm_campaign=meRjDytS7Csx3sDdisdz

## Evidence
- Screenshot: https://i.ibb.co/Txr3v9MK/144ce2f1fe8e.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/9c1f7b7a-a81a-4c79-ac40-14c66b0d9341
- PhishDestroy: https://phishdestroy.io/domain/kucoin-logink.gitbook.io/

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kucoin-logink.gitbook.io/
Last updated: 2026-03-14