# ikucoinlogin.webflow.io — MALICIOUS

> ikucoinlogin.webflow.io is a live crypto drainer that impersonates KuCoin. This Webflow-hosted scam already triggers 20/95 VirusTotal detections.

## Summary
PhishDestroy identifies ikucoinlogin.webflow.io as an active brand-impersonation site targeting KuCoin users. The domain is configured as a credential stealer disguised behind a Webflow page named “ikucoinlogin,” aiming to harvest exchange login details for cryptocurrency theft.

Technical indicators confirm elevated risk: the site carries a 20/95 detection score on VirusTotal, resolves to IP 104.18.36.248 operated by Cloudflare, and uses a Google Trust Services SSL certificate. The domain was registered recently and is flagged as unsafe by Google Safe Browsing. Cross-referencing blocklists shows consistent categorization as a phishing resource.

Current status remains active, with no takedown observed at time of writing. Immediate response actions include domain blacklisting and SSL revocation requests. Remaining risk is elevated due to live hosting, trusted SSL, and partial detection coverage, necessitating user vigilance and real-time verification tools.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: KuCoin

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 20 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/ec5f569e-4924-46f3-8906-7cee581b80db
- PhishDestroy: https://phishdestroy.io/domain/ikucoinlogin.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/ikucoinlogin.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ikucoinlogin.webflow.io/
Last updated: 2026-03-21