# ksucoinlogin.webflow.io — MALICIOUS

> PhishDestroy flags ksucoinlogin.webflow.io as a crypto drainer brand impersonation targeting KuCoin. Detected by 16/95 VirusTotal vendors.

## Summary

PhishDestroy identifies ksucoinlogin.webflow.io as an active brand impersonation domain masquerading as the legitimate KuCoin cryptocurrency exchange platform. This domain presents an elevated risk due to its deliberate attempt to deceive users into divulging sensitive credentials or transferring digital assets under false pretenses. Brand impersonation domains of this nature are frequently leveraged in cryptocurrency theft campaigns, where threat actors exploit user trust in recognizable brands to execute credential harvesting or crypto drainer attacks.

This domain was flagged by 16 out of 95 VirusTotal security vendors, indicating widespread recognition of its malicious nature across multiple threat intelligence platforms. The domain resolves to IP address 172.64.151.8, which is associated with Cloudflare infrastructure—a common hosting provider for both legitimate and malicious web properties. While the domain’s registrar and creation date remain unverified in this advisory, the presence of multiple detections suggests prior abuse or a newly registered malicious domain designed for short-lived campaigns.

Trust scores for this domain are critically low due to its impersonation of a high-profile brand, further compounding its risk profile. Additionally, the domain’s association with a crypto-focused brand impersonation aligns with known tactics used by threat actors to deploy crypto drainers or credential theft tools.

To mitigate exposure to this threat, organizations and individuals should immediately block access to ksucoinlogin.webflow.io at the network and endpoint levels. Users who may have interacted with this domain should reset their KuCoin account credentials and enable multifactor authentication if not already configured. Cryptocurrency holders should also review recent transaction histories for unauthorized transfers and consider revoking any suspicious approvals for smart contracts or third-party services. Reporting this domain to relevant threat intelligence platforms and domain registrars can aid in broader mitigation efforts. Proactive monitoring for similar domains mimicking KuCoin or other major exchanges is strongly recommended to prevent further compromise.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: KuCoin

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 172.64.151.8

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- PhishDestroy: https://phishdestroy.io/domain/ksucoinlogin.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/ksucoinlogin.webflow.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ksucoinlogin.webflow.io/

Last updated: 2026-03-26