# qucoin-login.pages.dev — SUSPICIOUS > qucoin-login.pages.dev is serving a credential phishing page mimicking QuCoin with 0/95 VirusTotal detections. Verify before entering any credentials. ## Summary qucoin-login.pages.dev has been identified by PhishDestroy as an active credential phishing domain impersonating the QuCoin cryptocurrency platform. The domain leverages a fraudulent login portal hosted on a Cloudflare Pages subdomain (pages.dev) to capture user credentials under the guise of a legitimate crypto wallet authentication flow. The threat is classified as credential theft, targeting victims with the intent to harvest login details and potentially drain associated cryptocurrency assets. Given the active status, SSL certificate presence, and lack of detection on VirusTotal at the time of analysis, this domain poses an elevated risk to users who may mistakenly trust the compromised login interface. PhishDestroy’s analysis of qucoin-login.pages.dev reveals several technical indicators and data points that raise significant red flags. The domain resolves to IP address 188.114.96.3, which is associated with Cloudflare’s hosting infrastructure and lacks a verified track record in trust databases. The SSL certificate is issued by Google Trust Services, a common practice among legitimate services, but its use here does not validate the domain’s authenticity—only the encryption of traffic to/from it. VirusTotal currently reports 0 out of 95 detection engines flagging the domain as malicious, indicating minimal signature-based detection coverage. This low detection rate is common among newly active phishing sites that evade traditional antivirus and anti-phishing tools through rapid infrastructure rotation and obfuscation. While no specific blocklist inclusion or domain age data is available via public sources at this time, the threat remains under active investigation by multiple threat intelligence platforms. Users are strongly advised not to interact with qucoin-login.pages.dev or submit any login credentials, wallet addresses, or private keys. This domain is a credential theft trap designed to harvest authentication details for subsequent account takeover and cryptocurrency theft. If you have already entered information, immediately change your password on the official QuCoin platform and enable two-factor authentication. Review all recent transactions and revoke any unauthorized access to your crypto wallets or exchange accounts. Block the domain and IP 188.114.96.3 at the network level where possible, and report the site to your local cybersecurity authority or via PhishDestroy’s submission portal. Always verify website URLs by navigating directly from official channels and avoid clicking links in unsolicited emails or social media messages. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/f4ca6178-57d3-41f6-b628-5254750db41a - PhishDestroy: https://phishdestroy.io/domain/qucoin-login.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/qucoin-login.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/qucoin-login.pages.dev/ Last updated: 2026-03-22