# kcocoinelogin.webflow.io — MALICIOUS

> High-risk KuCoin impersonation domain kcocoinelogin.webflow.io was taken offline after detection. Avoid accessing this phishing site to protect your credentials.

## Summary
PhishDestroy identifies kcocoinelogin.webflow.io as a high-risk phishing domain impersonating the legitimate cryptocurrency exchange KuCoin. This domain employed brand impersonation tactics, using the page title "KuCoin Login: How to Access Your Account Easily" to deceive users into divulging sensitive login information. The domain was registered on March 6, 2026, signaling a recent threat aimed at exploiting unsuspecting users through social engineering.

The domain resolved to IP address 104.18.36.248 and was registered via MarkMonitor, Inc., a well-known registrar often used for domain protection but sometimes abused by threat actors. VirusTotal analysis flagged the domain by 19 out of 95 security vendors, corroborating its malicious nature. Additionally, the domain appeared on at least one security blocklist, reinforcing the urgency for caution when encountering it. The use of a Webflow subdomain suggests attackers leveraged free hosting services to mask their activities.

Currently, kcocoinelogin.webflow.io is offline, mitigating immediate risk. PhishDestroy recommends vigilance for similar domain registrations mimicking KuCoin and advises users to verify URLs carefully before entering credentials. Security teams should continue monitoring for new variants exploiting this brand and update email filters and blocklists accordingly to prevent user compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: KuCoin
- Page title: KuCoin Login: How to Access Your Account Easily

## Domain Intelligence
- Registered: 2026-03-06 13:07:01
- Registrar: MarkMonitor, Inc.
- Country: US
- IP: 104.18.36.248
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 19 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "OpenPhish", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc31e-dada-71ca-891b-91a8be5bdb6e.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/kcocoinelogin.webflow.io
- Wayback Machine: https://web.archive.org/web/https://kcocoinelogin.webflow.io
- PhishDestroy: https://phishdestroy.io/domain/kcocoinelogin.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/kcocoinelogin.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kcocoinelogin.webflow.io/
Last updated: 2026-03-19