# ku-coin-login-aht.pages.dev — MALICIOUS

> PhishDestroy flags ku-coin-login-aht.pages.dev as a KuCoin brand impersonation crypto drainer site (17 VirusTotal detections) — verify before you click or type.

## Summary
PhishDestroy identifies ku-coin-login-aht.pages.dev as an active phishing page impersonating the popular cryptocurrency exchange KuCoin. The site is designed to steal your login credentials or worse, drain your crypto wallet once you enter seed phrases or private keys. Cloudflare Pages hosts the page, but the subdomain ku-coin-login-aht is clearly trying to trick users into believing they’re on the real KuCoin login portal. Google Safe Browsing has already marked it as SOCIAL_ENGINEERING, meaning it lures victims through fake login prompts and deceptive redirects. Visitors should assume this site is malicious until proven otherwise.  This domain was flagged by 17 out of 95 VirusTotal security vendors, indicating high suspicion among automated scanners. It resolves to IP address 172.66.44.147, a Cloudflare node commonly used to serve phishing content behind fast-changing hostnames. The SSL certificate is issued by Google Trust Services, a tactic scammers use to appear legitimate. The page lives under Cloudflare, Inc.’s Pages platform, a legitimate service repurposed for malicious campaigns. While the infrastructure is cloud-based, the intent is fraudulent: to mimic KuCoin and harvest sensitive financial data.  If you visited ku-coin-login-aht.pages.dev, do not enter any KuCoin credentials, seed phrases, or wallet private keys. Disconnect from the site immediately and clear your browser cache and cookies. Scan your device for malware using reputable antivirus software. Revoke any permissions granted to unrecognized browser extensions and consider changing passwords only on the official KuCoin website (kucoin.com) from a bookmarked or trusted source. Report this domain to PhishDestroy and your cybersecurity team to help block it for others.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: KuCoin

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.147

## Detection Status
- VirusTotal: 17 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7749150f-0c99-4db9-849b-7e3d9c3f90c1
- PhishDestroy: https://phishdestroy.io/domain/ku-coin-login-aht.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ku-coin-login-aht.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ku-coin-login-aht.pages.dev/
Last updated: 2026-03-21