# kciuinlocun.webflow.io — MALICIOUS

> The domain kciuinlocun.webflow.io impersonated KuCoin and posed a phishing threat. It is now offline but was flagged for high risk. Stay vigilant.

## Summary
PhishDestroy identifies kciuinlocun.webflow.io as a high-risk phishing domain impersonating the KuCoin cryptocurrency exchange. This campaign aimed to deceive users by mimicking KuCoin’s branding to steal credentials or funds.

The domain was registered on March 6, 2026, through MarkMonitor, Inc. It resolved to IP 104.18.36.248 and appeared on one security blocklist. VirusTotal flagged it with 18 detections out of 95 vendors. The site has since been taken offline.

Users should avoid interacting with this domain or any similar URLs claiming to represent KuCoin. Always verify URLs directly through official sources and report suspicious sites to security teams to prevent credential theft or financial loss.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: KuCoin
- Page title: Crypto Exchange | Bitcoin Exchange | Bitcoin Trading | KuCoin

## Domain Intelligence
- Registered: 2026-03-06 13:07:01
- Registrar: MarkMonitor, Inc.
- Country: US
- IP: 104.18.36.248
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 18 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "OpenPhish", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc31e-ebe1-70cc-8d6f-2c12ebccb9a9.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/kciuinlocun.webflow.io
- Wayback Machine: https://web.archive.org/web/https://kciuinlocun.webflow.io
- PhishDestroy: https://phishdestroy.io/domain/kciuinlocun.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/kciuinlocun.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kciuinlocun.webflow.io/
Last updated: 2026-03-19