# auth-kucon-help-sso.webflow.io — SUSPICIOUS > PhishDestroy identifies auth-kucon-help-sso.webflow.io as a credential phishing page mimicking a help-desk SSO portal. Check the full report. ## Summary PhishDestroy identifies the domain auth-kucon-help-sso.webflow.io as a generic credential-phishing page currently active and under investigation. This site impersonates a help-desk single sign-on portal, aiming to trick users into submitting authentication credentials. The infrastructure hosting the page resolves to IP 172.64.151.8 and is served over HTTPS with a Google Trust Services SSL certificate, increasing its appearance of legitimacy. This domain was flagged by 0 of 95 VirusTotal vendors at the time of analysis, indicating it remains undetected by most antivirus engines. The domain is registered through Cloudflare, Inc., the registrar tied to the Webflow.io platform, and uses a recently observed infrastructure profile associated with short-lived phishing campaigns. The SSL certificate was issued within the last 30 days, and while the domain has not yet been widely blocklisted, early behavioral indicators suggest it is part of a coordinated campaign targeting enterprise support portals. Given the active status and low detection rate, users are advised to avoid interacting with any links or forms on auth-kucon-help-sso.webflow.io. Organizations should add this domain and IP (172.64.151.8) to network blocklists and monitor for related credential submission patterns. Report any suspicious access or failed login attempts to your security team. This domain is under continuous monitoring and will be updated as new intelligence emerges. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 172.64.151.8 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/auth-kucon-help-sso.webflow.io - PhishDestroy: https://phishdestroy.io/domain/auth-kucon-help-sso.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/auth-kucon-help-sso.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/auth-kucon-help-sso.webflow.io/ Last updated: 2026-04-05