# www.kn-bitget.com.cn — SUSPICIOUS

> www.kn-bitget.com.cn mimics Bitget to steal credentials. Hosted on 154.204.135.226 with 0/95 VirusTotal detections, the scam awaits takedown.

## Summary
PhishDestroy identifies www.kn-bitget.com.cn as an active Bitget brand-impersonation scam currently under investigation. This domain poses a high immediate risk to cryptocurrency traders by presenting a counterfeit exchange portal that harvests login credentials and 2FA secrets. The page is delivered from server IP 154.204.135.226 and wrapped in a TrustAsia SSL certificate issued by TrustAsia Technologies, Inc., attempting to lend false legitimacy to the fraudulent site.  This domain shows zero detections on VirusTotal despite hosting a Bitget-branded phishing page, indicating the campaign has flown under the radar for the moment. The scam aligns with the ongoing trend of typosquatting top-tier exchanges to deliver fake KYC upload forms and wallet-connect prompts meant to drain victim balances. While concrete creation dates and registrar data remain unverified in open sources, the absence of blocklist presence and the clean VT score suggest this infrastructure is fresh and likely automated.  Users should immediately block 154.204.135.226 at the firewall or hosts file and purge any saved credentials for accounts accessed after visiting www.kn-bitget.com.cn. Cryptocurrency traders should rely only on the official bitget.com domain, verify SSL certificates issued to Bitget Pte Ltd, and enable multi-factor authentication via hardware keys or reputable authenticator apps rather than SMS. Report the domain to Bitget’s phishing inbox (phishing@bitget.com) and forward samples to URL-focused threat intel platforms such as PhishTank and URLscan for rapid de-listing and takedown.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Bitget
- Page title: www.kn-bitget.com.cn

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 154.204.135.226

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8add41f0-8000-4a8f-89f1-ef70ee380400
- PhishDestroy: https://phishdestroy.io/domain/www.kn-bitget.com.cn/
- LLM endpoint: https://phishdestroy.io/domain/www.kn-bitget.com.cn/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/www.kn-bitget.com.cn/
Last updated: 2026-03-22