SafeMode - Analysis: kucoinx-login.webflow.io

Captura Visual

Informações de Detecção

http://kucoinx-login.webflow.io/

Detected Brand

KuCoin

Country

Unknown

Confiança

100%

HTTP Status

200

Report ID

9ef85554-135…

Analyzed

2026-01-25 18:18

Final URL (after redirects)

https://kucoinx-login.webflow.io/

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T14CB1FB23A35C33370B81817A77A50389D6DF601D7391478C21B421FD27EDE684A726F6
CONTENT ssdeep	96:hrAjBPy47k/oV+5VqtV6ViVY7Aj+B/112PmMWrFGRkHDJW2MZC5pKcegE:FAjBPpggVoVqtV6ViV8AjW1s2URW6EpW

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	be8dc1993ec1c127
VISUAL aHash	ff9fff8383ffe7e7
VISUAL dHash	3377462e2f820e8e
VISUAL wHash	1b03338383ffc3c3
VISUAL colorHash	07001000600
VISUAL cropResistant	3377462e2f820e8e,83989caeae989c6c,039bd89c8c985661,ada7868e9a998b16,829c8c8c8c3cdc5b

Análise de Código

Risk Score 73/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Personal Info

🔒 Obfuscation Detected

fromCharCode

📊 Detalhamento da Pontuação de Risco

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected Credential Harvester and OTP Stealer kits with real-time form interception capabilities.

Brand Impersonation

Domain impersonates KuCoin, a high-value cryptocurrency exchange target.

Obfuscation Techniques

Four distinct obfuscation techniques detected in JavaScript files, indicating evasion of static analysis.

Malicious JavaScript

Single obfuscated JavaScript file (webflow.24a563ff7.js) with potential credential harvesting logic.

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Credential Theft (Fake KuCoin Login)

Alvo

KuCoin traders (International)

Canal de Exfiltração

Backend API (Form Submission)

🏢 Análise de Falsificação de Marca

Impersonated Brand

KuCoin

Official Website

https://www.kucoin.com

Fake Service

KuCoin account login portal

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The phishing kit captures user credentials (username, password) via fake login forms mimicking KuCoin's authentication portal. Submitted data is likely exfiltrated to an attacker-controlled server in real-time.

Secondary Method: OTP Stealer

The kit includes functionality to intercept one-time passwords (OTPs) or 2FA codes, enabling attackers to bypass multi-factor authentication and gain unauthorized access to victim accounts.

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio

kucoinx-login.webflow.io

Registered

Unknown

Registrar

Unknown

Estado

Active (age unknown)

🦠 Malicious Files

Main File

File Size

Obfuscated JavaScript file containing credential harvesting and OTP interception logic.

🔬 JavaScript Deep Analysis

Sophistication Level

Basic

Total Code Size

36,5 KB

🔗 API Endpoints Detected

Other

7

Backend API

1

🔐 Obfuscation Detected

: Light

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

KuCoin

https://kucoenlogini.webflow.io/

Mai 23, 2026

KuCoin

https://kucoinx-login.webflow.io/

Jan 30, 2026

Phishing Analysis

Captura Visual

Informações de Detecção

Hashes de Conteúdo (Similaridade HTML)

Hashes Visuais (Similaridade de Captura)

Análise de Código

🔒 Obfuscation Detected

📊 Detalhamento da Pontuação de Risco

Contributing Factors

🔬 Análise Integral de Ameaças

🏢 Análise de Falsificação de Marca

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

Secondary Method: OTP Stealer

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

🦠 Malicious Files

🔬 JavaScript Deep Analysis

🔗 API Endpoints Detected

🔐 Obfuscation Detected

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified

Similar Websites

Scan History for kucoinx-login.webflow.io