# kucionlgun.webflow.io — MALICIOUS > kucionlgun.webflow.io is a crypto drainer impersonating a login portal. 16/95 security vendors flagged this site—verify before you click on PhishDestroy. ## Summary PhishDestroy identifies kucionlgun.webflow.io as an active fake-login scam designed to harvest cryptocurrency wallet credentials. Visitors are presented with a convincing replica of a legitimate exchange or wallet login page; entering credentials hands control of the associated crypto assets to the threat actor. The page operates under the guise of a Webflow-hosted site, leveraging the platform’s reputation to bypass initial suspicion. Once submitted, the harvested credentials are automatically transmitted to attacker-controlled infrastructure, enabling rapid fund transfers or wallet draining operations. This domain was flagged by exactly sixteen of ninety-five VirusTotal security vendors and resolves to IP address 172.64.151.8. The SSL certificate is issued by Google Trust Services, which does not guarantee legitimacy of the underlying service. The site’s infrastructure points to Cloudflare, a common hosting choice for short-lived malicious campaigns aiming to maximize uptime while evading takedown. While creation date is not specified in the provided data, the combination of low VT detection ratio and active campaign status indicates a recently deployed threat actor asset intended for rapid exploitation. If you visited kucionlgun.webflow.io, immediately revoke any credentials you may have entered and transfer remaining assets to a newly created, hardware-isolated wallet. Scan your device with multiple reputable antivirus tools to check for infostealer remnants. Report the domain to PhishDestroy and your local CERT to accelerate network-level blocking. Disable any browser auto-fill features that could have captured additional credentials and enable multi-factor authentication using a hardware key or authenticator app on all critical accounts. Monitor blockchain transactions for unauthorized transfers and consider filing an incident report with relevant financial authorities if funds were lost. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 172.64.151.8 ## Detection Status - VirusTotal: 16 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/7de58ed1-376a-418c-937f-225be5586d2e - PhishDestroy: https://phishdestroy.io/domain/kucionlgun.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/kucionlgun.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kucionlgun.webflow.io/ Last updated: 2026-04-13