# login-kucoinin.webflow.io — MALICIOUS

> PhishDestroy identifies login-kucoinin.webflow.io as a KuCoin brand impersonation crypto drainer. 20/95 VirusTotal vendors flag this active site.

## Summary
PhishDestroy has identified the domain login-kucoinin.webflow.io as an active KuCoin brand impersonation site that poses a significant credential theft and crypto-draining risk to unsuspecting users.  login-kucoinin.webflow.io is designed to mimic the legitimate KuCoin login portal, tricking visitors into entering their credentials or cryptocurrency wallet information. Once harvested, these details are used by attackers to drain funds, hijack accounts, or escalate fraud across other platforms. The site has been assigned an elevated risk level due to confirmed malicious intent and widespread detection by security vendors. It resolves to IP address 104.18.36.248 and uses a Google Trust Services SSL certificate to appear legitimate at first glance.  This domain was flagged by 20 out of 95 VirusTotal security vendors, indicating a high level of consensus among the security community about its dangerous nature. The certificate provider and Webflow hosting may complicate initial identification, but the volume of detections underscores the immediacy of the threat. If you visited login-kucoinin.webflow.io, assume your credentials or wallet data may have been compromised. Disconnect from the internet, revoke session tokens, change passwords everywhere you reused credentials, and report the domain to KuCoin’s abuse team and your local cybercrime unit to help prevent further abuse.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: KuCoin

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 20 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/31abc25b-ec38-46cc-b47d-7323b3a347ea
- PhishDestroy: https://phishdestroy.io/domain/login-kucoinin.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/login-kucoinin.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/login-kucoinin.webflow.io/
Last updated: 2026-03-22