EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of kucoinx-login.webflow.io

Detection Info

http://kucoinx-login.webflow.io/
Detected Brand
KuCoin
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
9ef85554-135โ€ฆ
Analyzed
2026-01-25 18:18
Final URL (after redirects)
https://kucoinx-login.webflow.io/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T14CB1FB23A35C33370B81817A77A50389D6DF601D7391478C21B421FD27EDE684A726F6
CONTENT ssdeep
96:hrAjBPy47k/oV+5VqtV6ViVY7Aj+B/112PmMWrFGRkHDJW2MZC5pKcegE:FAjBPpggVoVqtV6ViV8AjW1s2URW6EpW

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
be8dc1993ec1c127
VISUAL aHash
ff9fff8383ffe7e7
VISUAL dHash
3377462e2f820e8e
VISUAL wHash
1b03338383ffc3c3
VISUAL colorHash
07001000600
VISUAL cropResistant
3377462e2f820e8e,83989caeae989c6c,039bd89c8c985661,ada7868e9a998b16,829c8c8c8c3cdc5b

Code Analysis

Risk Score 73/100
Threat Level ALTO
โš ๏ธ Phishing Confirmed
๐ŸŽฃ Credential Harvester ๐ŸŽฃ OTP Stealer ๐ŸŽฃ Personal Info

๐Ÿ”’ Obfuscation Detected

  • fromCharCode

๐Ÿ“Š Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester and OTP Stealer kits with real-time form interception capabilities.
Brand Impersonation
Domain impersonates KuCoin, a high-value cryptocurrency exchange target.
Obfuscation Techniques
Four distinct obfuscation techniques detected in JavaScript files, indicating evasion of static analysis.
Malicious JavaScript
Single obfuscated JavaScript file (webflow.24a563ff7.js) with potential credential harvesting logic.

๐Ÿ”ฌ Comprehensive Threat Analysis

Threat Type
Credential Theft (Fake KuCoin Login)
Target
KuCoin traders (International)
Exfiltration Channel
Backend API (Form Submission)

๐Ÿข Brand Impersonation Analysis

Impersonated Brand
KuCoin
Official Website
https://www.kucoin.com
Fake Service
KuCoin account login portal

โš”๏ธ Attack Methodology

Primary Method: Credential Harvesting

The phishing kit captures user credentials (username, password) via fake login forms mimicking KuCoin's authentication portal. Submitted data is likely exfiltrated to an attacker-controlled server in real-time.

Secondary Method: OTP Stealer

The kit includes functionality to intercept one-time passwords (OTPs) or 2FA codes, enabling attackers to bypass multi-factor authentication and gain unauthorized access to victim accounts.

๐ŸŒ Infrastructure Indicators of Compromise

Domain Information

Domain
kucoinx-login.webflow.io
Registered
Unknown
Registrar
Unknown
Status
Active (age unknown)

๐Ÿฆ  Malicious Files

Main File
File Size

Obfuscated JavaScript file containing credential harvesting and OTP interception logic.

๐Ÿ”ฌ JavaScript Deep Analysis

Sophistication Level
Basic
Total Code Size
36.5ย KB

๐Ÿ”— API Endpoints Detected

Other
7
Backend API
1

๐Ÿ” Obfuscation Detected

  • : Light

๐Ÿค– AI-Extracted Threat Intelligence

๐ŸŽฏ Malicious Files Identified

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
KuCoin
https://kucoenlogini.webflow.io/
May 23, 2026
 Screenshot
KuCoin
https://kucoinx-login.webflow.io/
Jan 30, 2026
 Screenshot
KuCoin
http://kucoinx-login.webflow.io/
Jan 30, 2026

Scan History for kucoinx-login.webflow.io

Found 2 other scans for this domain

๐Ÿ˜ฐ
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.