# kucoiny.top — MALICIOUS

> kucoiny.top is a high-risk phishing site mimicking KuCoin. Avoid interaction and secure your assets. Learn more on PhishDestroy.

## Summary
PhishDestroy identifies kucoiny.top as a high-risk phishing domain engaged in brand impersonation targeting KuCoin users. The domain's risk level is classified as high due to its direct attempt to deceive victims by mimicking the official KuCoin brand, potentially leading to credential theft or financial loss.

Supporting evidence includes 16 out of 95 security vendors flagging kucoiny.top on VirusTotal, alongside appearances on three separate security blocklists. The domain was registered through Dominet (HK) Limited on February 27, 2026, and resolved to IP address 3.171.214.94. It was also detected in one AlienVault OTX threat intelligence pulse, confirming its malicious infrastructure and active monitoring by threat analysts. The page title found, "kuCoin," further indicates deliberate brand impersonation to lure unsuspecting users.

Currently, kucoiny.top is offline, which reduces immediate risk; however, users should remain vigilant against similar phishing attempts. PhishDestroy recommends avoiding any interaction with this domain or related links, ensuring credentials are not reused across platforms, and enabling multi-factor authentication on all KuCoin accounts. Continuous monitoring and reporting of suspicious domains imitating KuCoin are essential to mitigate credential compromise and financial fraud.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: KuCoin
- Page title: kuCoin

## Domain Intelligence
- Registered: 2026-02-27 14:00:02
- Expires: 2027-02-24 00:00:00
- Registrar: Dominet (HK) Limited
- Country: HK
- IP: 3.171.214.94
- IP Country: DE
- IP City: Mörfelden-Walldorf
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ns7.alidns.com ns8.alidns.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CRDF", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "OpenPhish", "Sophos", "Trustwave", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c9f5f-7ed2-72d9-9f80-2c276124f93c.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a127fb5b-ed86-44b9-8701-a18ab8c74e73
- PhishDestroy: https://phishdestroy.io/domain/kucoiny.top/
- LLM endpoint: https://phishdestroy.io/domain/kucoiny.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kucoiny.top/
Last updated: 2026-03-19