# bitmartplogin.webflow.io — MALICIOUS > bitmartplogin.webflow.io is a credential phishing domain impersonating BitMart login pages. 19/95 security vendors flag this threat. Check the full report. ## Summary PhishDestroy identifies bitmartplogin.webflow.io as an active credential phishing domain designed to harvest BitMart exchange user credentials. The rogue site uses a spoofed login interface on the Webflow.io platform to deceive victims into entering their exchange credentials, which are then exfiltrated to attacker-controlled servers. This tactic is typical of modern credential drainers that mimic legitimate exchange login flows to bypass traditional email filters and endpoint protections. The domain leverages a convincing UI resembling BitMart’s official portal, increasing the likelihood of user deception and successful account takeovers. bitmartplogin.webflow.io resolves to IP 104.18.36.248 and is flagged by 19 of 95 VirusTotal security vendors. The domain operates under Google Trust Services SSL, enhancing its appearance of legitimacy. This domain was created recently and hosted on Webflow’s infrastructure, a common tactic to rapidly deploy phishing campaigns with minimal technical overhead. Despite its recent creation, the domain has already been blacklisted by multiple threat intelligence platforms, underscoring its malicious intent and high-risk profile. As of this assessment, bitmartplogin.webflow.io remains active and poses an elevated risk to users attempting to access BitMart services. Immediate response actions include blocking the domain at DNS and network levels, revoking any TLS certificates associated with the IP range, and updating endpoint protection rules to detect and block access. Users should avoid accessing this domain and verify any BitMart login links through official channels only. Although mitigation measures are in place, the domain’s active status and convincing impersonation mean residual risk remains high for unaware users. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.18.36.248 ## Detection Status - VirusTotal: 19 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/1aadbb4e-d4ef-433e-b556-2637aa053d12 - PhishDestroy: https://phishdestroy.io/domain/bitmartplogin.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/bitmartplogin.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/bitmartplogin.webflow.io/ Last updated: 2026-03-29