# kucoinrloggen.webflow.io — MALICIOUS

> Website kucoinrloggen.webflow.io is a KuCoin brand impersonation crypto drainer detected by 19/95 VirusTotal scanners.

## Summary
The domain kucoinrloggen.webflow.io has been identified as an active crypto drainer impersonating the cryptocurrency exchange KuCoin, carrying an elevated risk rating. This domain leverages Webflow’s hosting infrastructure to masquerade as an official KuCoin login or transaction interface, aiming to trick users into connecting crypto wallets or entering sensitive credentials. Based on telemetry, this site likely uses JavaScript-based wallet drainer kits designed to silently exfiltrate tokens upon wallet connection, a common tactic in crypto phishing campaigns targeting KuCoin users. The campaign preys on brand trust and urgency, mimicking KuCoin’s branding to deceive users into authorizing malicious transactions.  

PhishDestroy analysis reveals this domain resolves to IP 104.18.36.248 and is hosted on Webflow (via webflow.io). The SSL certificate is issued by Google Trust Services, which may lend false legitimacy. VirusTotal detection stands at 19 out of 95 security vendors as of the latest scan, indicating widespread but not universal recognition of the threat. The domain was registered through Cloudflare, Inc. (registrar: cloudflare-com), and the creation date is recent—within the last 30 days—suggesting a fast-turnaround campaign. It is currently blocked by Google Safe Browsing (GSB) and appears on multiple threat intelligence blocklists, though not yet universally. These indicators point to a moderately sophisticated operation with partial evasion capabilities against standard security tools.  

This domain remains active despite partial detection coverage and GSB blocking, indicating ongoing risk to unprotected users. PhishDestroy has flagged the site with unique seed 790869 and is tracking its infrastructure and payload delivery mechanisms. The elevated risk stems from the combination of brand impersonation, crypto drainer functionality, and partial detection gaps. Users are strongly advised to avoid interacting with kucoinrloggen.webflow.io and to verify any suspicious KuCoin-related link using PhishDestroy’s real-time scanner. While current defenses have partially mitigated exposure, the domain’s active status and recent creation warrant continued vigilance as threat actors evolve tactics to bypass detection.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: KuCoin

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 19 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/92c9fae7-af72-44f8-9501-b048434d0e24
- PhishDestroy: https://phishdestroy.io/domain/kucoinrloggen.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/kucoinrloggen.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kucoinrloggen.webflow.io/
Last updated: 2026-03-21