# gemintlogin.webflow.io — MALICIOUS > gemintlogin.webflow.io is a fake crypto drainer impersonating Gemini. Flagged by 16 of 95 VirusTotal vendors. Avoid this site—verify with PhishDestroy. ## Summary PhishDestroy identifies gemintlogin.webflow.io as a high-risk, active domain engaged in brand impersonation targeting Gemini users. This site specifically hosts a fraudulent login page designed to mimic the legitimate Gemini cryptocurrency platform. The goal is to deceive users into entering their credentials or connecting crypto wallets, enabling the theft of digital assets through a crypto drainer mechanism. The domain is currently active and has been confirmed as part of an ongoing social engineering campaign. This domain was flagged by 16 of 95 VirusTotal security vendors and appears on two independent blocklists. It resolves to IP address 104.18.36.248, which is associated with Google Trust Services SSL certificates. The site is explicitly blocked by security tools such as MetaMask and SEAL, and has been flagged by Google Safe Browsing under the SOCIAL_ENGINEERING category. Blocklist data indicates this domain was created recently but is already widely distrusted across the security community. Users are strongly advised to avoid interacting with gemintlogin.webflow.io and any associated links or emails. To verify the legitimacy of a Gemini login page or communication, always navigate directly to the official gemini.com domain or use authenticated bookmarks. If you suspect exposure to this site, revoke any connected wallet permissions immediately and run a full security scan on your device. PhishDestroy continues to monitor this domain and updates its threat intelligence feeds accordingly. For further verification or to report suspicious activity, visit phishdestroy.com. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Gemini ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.18.36.248 ## Detection Status - VirusTotal: 16 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 2 hits Lists: ["MetaMask", "SEAL"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/1b139290-7bf6-4148-808f-62abfdf0c1e6 - PhishDestroy: https://phishdestroy.io/domain/gemintlogin.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/gemintlogin.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/gemintlogin.webflow.io/ Last updated: 2026-04-14