# kuucooinloggin.webflow.io — MALICIOUS

> kuucooinloggin.webflow.io impersonates KuCoin exchange, hosting a live phishing page with a 15/95 VirusTotal detection rate.

## Summary
PhishDestroy identifies kuucooinloggin.webflow.io as an active KuCoin brand impersonation phishing domain designed to harvest user credentials. This site mirrors the official KuCoin exchange interface to deceive visitors into submitting login details, which are immediately exfiltrated to attacker-controlled servers.  

This domain exhibits multiple red flags confirming its malicious intent. VirusTotal analysis flags this domain with 15 out of 95 security vendors detecting it as malicious, indicating a moderate but concerning detection rate. The domain leverages Google Trust Services SSL certificates to appear legitimate, resolving to IP 104.18.36.248. The Webflow-hosted page replicates the official KuCoin website, including the page title KuCoin: Crypto Exchange | Bitcoin Exchange | Bitcoin Trading, to maximize deception.  

Users who visited kuucooinloggin.webflow.io should immediately check their account activity for unauthorized logins and revoke any saved session tokens. If credentials were entered, change passwords immediately using a different device to avoid potential keylogging. Report the domain to KuCoin’s abuse team and your organization’s security team for further takedown actions.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP ?)
- Target brand: KuCoin
- Page title: KuCoin: Crypto Exchange | Bitcoin Exchange | Bitcoin Trading

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4dc02e7d-b697-4eca-9d8f-bf95cddb97bc
- PhishDestroy: https://phishdestroy.io/domain/kuucooinloggin.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/kuucooinloggin.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kuucooinloggin.webflow.io/
Last updated: 2026-04-14