# login-coinsquaren.webflow.io — MALICIOUS > PhishDestroy identifies login-coinsquaren.webflow.io as an active credential theft domain impersonating CoinSquare with a 5/95 VirusTotal detection rate. ## Summary PhishDestroy identifies login-coinsquaren.webflow.io as an active credential-phishing domain impersonating the crypto exchange CoinSquare. The fraudulent site leverages a Webflow subdomain to host a replica login portal designed to harvest user credentials and crypto wallet private keys. This campaign is consistent with modern drainer-kit tactics that automate fund extraction shortly after credentials are submitted. Technical indicators for this domain include a VirusTotal detection score of 5/95 security vendors, hosted on IP 104.18.36.248, and secured by a Google Trust Services SSL certificate. The domain was registered through a privacy-protected registrar and shows minimal historical activity, suggesting recent creation and deployment. Google Safe Browsing has not yet blacklisted this domain, but community blocklists such as PhishTank and OpenPhish have already flagged it multiple times within 24 hours of discovery. At the time of analysis, this domain is actively serving a malicious login page and remains unblocked by default in most browsers. Users attempting to access CoinSquare via this link risk immediate credential theft and potential crypto fund loss. PhishDestroy recommends blocking the IP 104.18.36.248 and domain login-coinsquaren.webflow.io at the network or DNS level. Affected users should rotate passwords, revoke browser-saved sessions, and check for unauthorized transactions on their CoinSquare accounts. The elevated risk level and lack of full blocklist coverage indicate this threat is evolving; continuous monitoring and proactive threat hunting are strongly advised. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.18.36.248 ## Detection Status - VirusTotal: 5 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/login-coinsquaren.webflow.io - PhishDestroy: https://phishdestroy.io/domain/login-coinsquaren.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/login-coinsquaren.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/login-coinsquaren.webflow.io/ Last updated: 2026-04-07