# kelvin9.top — MALICIOUS

> kelvin9.top is under investigation for phishing risks. Avoid interacting with this domain to protect your data and devices.

## Summary

PhishDestroy has identified kelvin9.top as a domain exhibiting characteristics consistent with generic phishing attempts. Though it has not yet been conclusively categorized, its recent registration and suspicious context warrant close monitoring and caution.

Technically, kelvin9.top was registered on February 25, 2026, through Gname.com Pte. Ltd., a registrar sometimes associated with transient or fraudulent domains. The domain resolves to the IP address 47.251.20.212. Despite a clean VirusTotal scan showing zero detections from 95 security vendors, these factors combined with the domain's novelty and registration patterns raise red flags. No current public blocklist entries or open threat intelligence pulses explicitly identify kelvin9.top, which necessitates further scrutiny.

Currently, kelvin9.top remains active and under investigation. PhishDestroy advises users and security teams to avoid engaging with this domain until more definitive threat intelligence is available. Continued monitoring and prompt reporting of any suspicious activity linked to kelvin9.top will be essential to mitigate potential phishing risks associated with this domain.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: kelvin9.top/

## Domain Intelligence

- Registered: 2026-02-25 15:08:14
- Registrar: Gname.com Pte. Ltd.
- Country: SG
- IP: 47.251.20.212
- IP Country: US
- IP City: Los Angeles
- IP Org: AS45102 Alibaba (US) Technology Co., Ltd.
- Nameservers: a.share-dns.com a9.share-dns.com b.share-dns.net b9.share-dns.net
- SSL Issuer: none

## Detection Status

- VirusTotal: 21 vendors flagged
  - Vendors: ["ADMINUSLabs", "BitDefender", "CRDF", "Cluster25", "CyRadar", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "OpenPhish", "SOCRadar", "Sophos", "Trustwave", "VIPRE", "Webroot", "alphaMountain.ai"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  - Lists: ["PhishDestroy"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019ccd55-bee1-750d-8319-d4748fe5df74.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/6b9000a7-e4b1-4574-a3c1-bf307d7b9934
- Wayback Machine: https://web.archive.org/web/https://kelvin9.top
- PhishDestroy: https://phishdestroy.io/domain/kelvin9.top/
- LLM endpoint: https://phishdestroy.io/domain/kelvin9.top/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/kelvin9.top/

Last updated: 2026-03-19