# coinjoin.site — SUSPICIOUS

> coinjoin.site is a crypto drainer site active since Feb 2026. Security vendors flag it at 1/95. Verify safety on PhishDestroy before visiting.

## Summary
PhishDestroy identifies coinjoin.site as a generic phishing domain leveraging the CoinJoin cryptocurrency mixing service to deceive users. This domain is part of a broader campaign targeting individuals seeking privacy-focused Bitcoin transactions. The site likely employs a crypto drainer kit designed to siphon funds from unsuspecting victims' wallets during transaction signing processes.  

Domain registration details reveal coinjoin.site was created on February 11, 2026, through NameCheap, Inc., resolving to IP 193.201.15.249. VirusTotal flags this domain with a minimal detection score of 1/95 security vendors, indicating low but present malicious activity awareness. The domain utilizes a Let's Encrypt SSL certificate, a common tactic to appear legitimate. No Google Safe Browsing (GSB) status or blocklist counts are provided, suggesting recent emergence or minimal historical reporting.  

As of current analysis, coinjoin.site remains active with an elevated risk level. Users are advised to avoid interaction and verify domain safety via PhishDestroy's threat database. The low VT detection score underscores the need for proactive threat intelligence, as this domain could evade traditional security measures. While no widespread attacks are confirmed, the combination of a newly registered domain and crypto drainer infrastructure poses significant risks to cryptocurrency users.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-11 22:59:36
- Registrar: NameCheap, Inc.
- IP: 193.201.15.249

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/871ad77b-9f68-4f33-a915-f9733b5c00d0
- PhishDestroy: https://phishdestroy.io/domain/coinjoin.site/
- LLM endpoint: https://phishdestroy.io/domain/coinjoin.site/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinjoin.site/
Last updated: 2026-03-27