# kucoinelogie.webflow.io — MALICIOUS

> Avoid kucoinelogie.webflow.io — a high-risk phishing domain impersonating KuCoin. This site is offline but remains dangerous. Stay alert and protect your data.

## Summary
PhishDestroy identifies kucoinelogie.webflow.io as a high-risk phishing domain engaged in brand impersonation targeting KuCoin users. The domain aimed to deceive victims by mimicking KuCoin's login interface, increasing the likelihood of credential theft and unauthorized account access.

Supporting this assessment, kucoinelogie.webflow.io resolved to IP 104.18.36.248 and was registered through MarkMonitor, Inc., a known registrar for both legitimate and malicious domains. VirusTotal flagged the domain by 17 out of 95 security vendors, and it appears on one security blocklist, further confirming its malicious intent. The domain was created recently on March 6, 2026, indicating a fresh campaign likely intended to exploit current KuCoin users.

Currently, the domain is taken offline, removing immediate risk from this specific URL. However, users should remain cautious of similar phishing attempts. It is advised to verify URLs carefully before entering credentials and to leverage multi-factor authentication on KuCoin accounts. PhishDestroy will continue monitoring related threats linked to this unique seed 3331cc.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: KuCoin
- Page title: Ku𝐂oin* Login - Guide Easy Steps to Access Your Account

## Domain Intelligence
- Registered: 2026-03-06 13:07:01
- Registrar: MarkMonitor, Inc.
- Country: US
- IP: 104.18.36.248
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "OpenPhish", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc31f-1675-7557-b958-b7a570e2189e.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/kucoinelogie.webflow.io
- Wayback Machine: https://web.archive.org/web/https://kucoinelogie.webflow.io
- PhishDestroy: https://phishdestroy.io/domain/kucoinelogie.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/kucoinelogie.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kucoinelogie.webflow.io/
Last updated: 2026-03-19