# sso-login-kucoin.pages.dev — MALICIOUS

> PhishDestroy warns sso-login-kucoin.pages.dev is an ACTIVE KuCoin impersonation hosting a crypto drainer. Google Safe Browsing flags it as SOCIAL_ENGINEERING.

## Summary
PhishDestroy identifies the domain sso-login-kucoin.pages.dev as a high-risk KuCoin-brand impersonation currently hosting a cryptocurrency drainer. This infrastructure mimics KuCoin’s SSO login to trick users into connecting wallets, enabling asset theft via malicious smart-contract interactions. The threat is classified as active brand impersonation with confirmed drainer functionality and has received multiple security-vendor detections since deployment.

This domain was flagged by PhishDestroy on seed cd8710. Security telemetry shows VirusTotal coverage at 17/95 vendors, Google Trust Services provides the SSL certificate, the site resolves to 172.66.47.203, and Cloudflare, Inc. is the registrar. Google Safe Browsing labels it SOCIAL_ENGINEERING, placing users at immediate risk of credential and wallet compromise. The Pages.dev origin indicates dynamically provisioned infrastructure designed to evade traditional blocklists.

To mitigate risk, do not click links in unsolicited messages claiming to be KuCoin SSO. Verify any login prompt by manually typing kucoin.com and checking for the official HTTPS certificate. Revoke wallet connections immediately if you previously connected on this domain, and use PhishDestroy’s real-time scan to confirm legitimacy before entering credentials or signing transactions.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: KuCoin

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.203

## Detection Status
- VirusTotal: 17 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/24c72e26-8428-43c8-990e-3d381ffbf911
- PhishDestroy: https://phishdestroy.io/domain/sso-login-kucoin.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sso-login-kucoin.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sso-login-kucoin.pages.dev/
Last updated: 2026-03-22