# kukcoiinzlogen.webflow.io — MALICIOUS

> kukcooinzlogen.webflow.io is a Coinbase credential phishing page flagged by 20 of 95 VirusTotal vendors. Check the full report.

## Summary
PhishDestroy identifies kukcooinzlogen.webflow.io as an active Coinbase-brand phishing site currently engaged in credential theft. The malicious domain is live and posing as a legitimate crypto exchange login portal to harvest user credentials and session tokens.

This domain was flagged by 20 of 95 VirusTotal security vendors and resolves to IP address 104.18.36.248. The site operates under Google Trust Services SSL certificate, giving it a deceptive appearance of legitimacy. While the exact creation date and registrar details remain unverified, the combination of high VirusTotal detection rate and active hosting indicates clear malicious intent.

Users should immediately block access to this domain and avoid entering any credentials. Organizations are advised to update firewall rules to block 104.18.36.248 and flag any related subdomains. Security teams should monitor for similar domains and consider implementing DNS sinkholing for this IP range to prevent further compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 20 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bd019453-50dd-4b74-9f14-6cc80b9e4eb1
- PhishDestroy: https://phishdestroy.io/domain/kukcoiinzlogen.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/kukcoiinzlogen.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kukcoiinzlogen.webflow.io/
Last updated: 2026-04-13