# co18sa.top — SUSPICIOUS > Beware: co18sa.top impersonates brands to steal credentials. VirusTotal shows 0/95 detections. Block immediately and verify all login URLs. ## Summary PhishDestroy identifies co18sa.top as an active credential theft phishing domain registered on March 17, 2026 through Gname.com Pte. Ltd. This domain is currently unresolved for specific malware families but exhibits hallmarks of a generic phishing campaign targeting user login credentials. Analysis suggests no affiliation with known drainer kits, though further behavioral sandboxing is required to rule out evolving tactics. This domain resolves to IP 172.67.165.89 and utilizes a Let's Encrypt SSL certificate. VirusTotal currently reports 0 detections across 95 engines, indicating minimal signature-based detection. The domain shows no presence on Google Safe Browsing (GSB) blocklists as of the latest crawl. Registration via Gname.com and recent creation date suggest opportunistic, short-lived infrastructure typical of phishing operations. Threat intelligence sources have logged zero prior associations with co18sa.top, indicating a fresh or minimally reused domain. co18sa.top remains active with unknown blocklist coverage as of this investigation. PhishDestroy recommends immediate network-level blocking of the domain and IP address 172.67.165.89. Users should avoid interacting with any login prompts or forms linked to this domain. Remaining risk is classified as 'under investigation' due to low detection rates and lack of historical data. Organizations are advised to audit DNS logs for queries to co18sa.top and inspect endpoints for outbound connections to the associated IP. Further IOCs and behavioral indicators will be updated as analysis progresses. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-17 10:51:57 - Registrar: Gname.com Pte. Ltd. - IP: 172.67.165.89 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/688f1446-5566-4289-b6c8-84b1b3fafeb2 - PhishDestroy: https://phishdestroy.io/domain/co18sa.top/ - LLM endpoint: https://phishdestroy.io/domain/co18sa.top/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/co18sa.top/ Last updated: 2026-03-26