# cryptacomlginn.webflow.io — MALICIOUS

> cryptacomlginn.webflow.io is a phishing site impersonating Crypto.com. Stay safe — learn how it operates and why it’s flagged as high risk.

## Summary
PhishDestroy identifies cryptacomlginn.webflow.io as a high-risk phishing domain impersonating the well-known cryptocurrency platform Crypto.com. This fraudulent site attempts to deceive users by mimicking Crypto.com's login interface, aiming to capture sensitive credentials and personal information. The domain's strategy aligns with common brand impersonation tactics that could lead to significant financial and privacy harm.

Technically, the domain was registered on March 12, 2026, and resolved to the IP address 104.18.36.248. VirusTotal analysis indicates that 17 out of 95 security vendors flag this domain, reinforcing its malicious intent. Additionally, it appears on at least one security blocklist, underscoring its recognized threat status. The domain utilizes the Webflow hosting platform and is designed to replicate Crypto.com's OAuth login page, increasing its credibility and risk to unsuspecting users.

Currently, cryptacomlginn.webflow.io has been taken offline, mitigating immediate risk. However, users should remain vigilant against similar phishing attempts and avoid entering credentials on suspicious sites. PhishDestroy recommends verifying URLs carefully, using two-factor authentication on Crypto.com accounts, and reporting any suspicious domains to cybersecurity authorities. Continuous monitoring and awareness are crucial to defending against such impersonation threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Crypto.com
- Page title: Crypto.com Login | Crypto.com OAuth ( webflow )

## Domain Intelligence
- Registered: 2026-03-12 13:07:01
- IP: 104.18.36.248
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "LevelBlue", "Lionic", "Netcraft", "OpenPhish", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce544-9201-738f-9d58-fa531d585aa7.png
- PhishDestroy: https://phishdestroy.io/domain/cryptacomlginn.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/cryptacomlginn.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cryptacomlginn.webflow.io/
Last updated: 2026-03-19