# coinsquarelogi.webflow.io — MALICIOUS

> coinsquarelogi.webflow.io is a verified crypto drainer scam. 16/95 VirusTotal detections confirm theft risk.

## Summary
Domain coinsquarelogi.webflow.io is an active crypto drainer impersonating a logistics portal for CoinSquare. The page leverages Webflow hosting to present a convincing fake shipment interface that silently drains cryptocurrency wallets via clipboard hijacking and concealed wallet-swap scripts. CoinSquare branding is abused to lower user suspicion while the drainer kit injects malicious JavaScript that monitors clipboard activity and replaces wallet addresses with attacker-controlled ones during payment steps.

This domain was flagged with a VirusTotal score of exactly 16/95 security vendors, placing it at an elevated risk level. The domain was registered through Google Domains, resolving to IP 104.18.36.248 under Google Trust Services SSL. It appears on 1 public blocklist including OpenPhish and was created on an unknown date. Google Safe Browsing status remains unlisted due to low domain age or cloaking.

As of current analysis, the site remains active and continues to deliver the crypto drainer payload to unsuspecting visitors. PhishDestroy has blocked all known URLs under this domain and continues real-time monitoring. Remaining risk is elevated due to ongoing operation and potential for new subdomains or variant campaigns using similar branding. Users are strongly advised to avoid this site, verify all wallet addresses manually, and scan any received links using PhishDestroy before interaction.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["OpenPhish"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/247b4b1b-fd8b-48c6-b1fd-5febf1f152a9
- PhishDestroy: https://phishdestroy.io/domain/coinsquarelogi.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/coinsquarelogi.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinsquarelogi.webflow.io/
Last updated: 2026-03-27