# kucoenlogifn.webflow.io — MALICIOUS > PhishDestroy identifies kucoenlogifn.webflow.io as an active generic phishing domain. 21/95 security vendors flag it, targeting users with false login pages. ## Summary PhishDestroy identifies kucoenlogifn.webflow.io as a generic phishing domain actively impersonating legitimate login portals to harvest credentials and financial data. This domain leverages deceptive framing techniques, embedding spoofed forms within a compromised Webflow-hosted page to evade detection. While no specific brand or drainer kit is directly associated in current IOCs, the threat aligns with common generic phishing tactics observed in credential harvesting campaigns. Users interacting with this domain risk direct exposure of sensitive credentials, payment details, or multi-factor authentication tokens. This domain was flagged by 21 out of 95 security vendors on VirusTotal, indicating elevated malicious reputation. It resolves to IP address 104.18.36.248 and utilizes a Google Trust Services SSL certificate to build false trust. The domain kucoenlogifn.webflow.io is hosted on Webflow’s infrastructure, which has been abused for phishing due to the platform’s legitimate reputation. While exact creation date, registrar, or Google Safe Browsing (GSB) status remain unverified, the infrastructure’s alignment with phishing behavior and high VT detection rate underscores its malicious intent. As of latest assessment, kucoenlogifn.webflow.io remains active. PhishDestroy recommends immediate blocking at network and endpoint levels, including IP and domain-based rules. Users are advised to avoid access entirely and report the domain to their security teams or via abuse channels. Despite investigative actions, the domain continues to pose a risk due to active hosting and partial evasion of detection. Remaining risk is assessed as elevated, with potential for continued abuse or domain migration to new aliases. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.18.36.248 ## Detection Status - VirusTotal: 21 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/65e43475-c69d-4e48-8678-933acf3ab3a3 - PhishDestroy: https://phishdestroy.io/domain/kucoenlogifn.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/kucoenlogifn.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kucoenlogifn.webflow.io/ Last updated: 2026-03-30