# kucoinyvip.top — MALICIOUS

> kucoinyvip.top imitates KuCoin and is flagged as high risk. Avoid this domain and verify official KuCoin URLs before entering sensitive info.

## Summary
PhishDestroy identifies kucoinyvip.top as a high-risk brand impersonation threat targeting users of the popular cryptocurrency exchange KuCoin. The domain was designed to deceive visitors by mimicking KuCoin's branding and page title, increasing the risk of credential theft, fraud, or financial loss. Such phishing sites matter because they exploit user trust in legitimate platforms, potentially compromising accounts and assets.

The domain kucoinyvip.top was registered recently on February 27, 2026, through Dominet (HK) Limited. It resolves to IP address 18.65.39.78 and has been detected on three separate security blocklists. AlienVault OTX includes this domain in one threat intelligence pulse, and VirusTotal scanners flag it in 14 out of 95 vendor analyses. Despite appearing in multiple threat databases, the domain is currently offline, likely removed due to its malicious activity.

Users should exercise extreme caution and avoid visiting kucoinyvip.top or entering any personal or financial details if encountered. Always verify website URLs carefully, especially when accessing sensitive services like cryptocurrency exchanges. Rely on official KuCoin domain addresses and use multi-factor authentication to secure accounts. Reporting suspicious domains to platforms like PhishDestroy helps protect the wider community from phishing attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: KuCoin
- Page title: kuCoin

## Domain Intelligence
- Registered: 2026-02-27 14:00:02
- Expires: 2027-02-24 00:00:00
- Registrar: Dominet (HK) Limited
- Country: HK
- IP: 18.65.39.78
- IP Country: NL
- IP City: Amsterdam
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ns7.alidns.com ns8.alidns.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["alphaMountain.ai", "CRDF", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "G-Data", "Gridinsoft", "Kaspersky", "Netcraft", "OpenPhish", "Sophos", "Trustwave", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c9f62-3303-7476-ac95-429d1f83928a.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/bccedced-7fb6-43a7-9bc2-0c2875412170
- PhishDestroy: https://phishdestroy.io/domain/kucoinyvip.top/
- LLM endpoint: https://phishdestroy.io/domain/kucoinyvip.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kucoinyvip.top/
Last updated: 2026-03-19