# netcoiens-login.webflow.io — MALICIOUS

> netcoiens-login.webflow.io is a credential phishing site mimicking Netcoins login, flagged by 8/95 VirusTotal scanners.

## Summary
PhishDestroy identifies netcoiens-login.webflow.io as an active credential phishing domain designed to harvest Netcoins account credentials. This fraudulent site poses an elevated risk to users who may unknowingly submit sensitive login details, risking direct financial exposure and account takeover. The threat is confirmed through multiple technical indicators and third-party assessments, making this a high-priority risk to public safety.


This domain was flagged by 8 out of 95 VirusTotal security vendors, indicating significant detection but not universal consensus. It resolves to IP address 104.18.36.248 and operates under a Google Trust Services SSL certificate, which does not validate its legitimacy as a Netcoins service endpoint. The domain features a structure designed to appear authentic, including the subdomain netcoiens-login, exploiting brand trust and urgency to deceive users. Despite the legitimate-sounding webflow.io hosting service, the domain’s purpose is clearly malicious and misaligned with Netcoins official infrastructure. No further data on registrar or creation date is available at this time, but the combination of high VirusTotal detection and SSL issuance suggests a recently active or repurposed fraudulent setup.


To mitigate exposure to this fraudulent site, users should immediately verify all login URLs against the official Netcoins website (netcoins.com) before entering credentials. Bookmark the official site or use verified applications only. If credentials were entered, users must change passwords immediately and enable two-factor authentication. Report any interaction with this domain to Netcoins support and local cybercrime units. Network administrators should block access to netcoiens-login.webflow.io and the associated IP 104.18.36.248 at the firewall level. Users are advised to scan devices for malware that may have been installed via this phishing attempt and monitor financial accounts for unauthorized activity. Public awareness campaigns should emphasize the dangers of credential phishing, particularly targeting users of financial platforms.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0c35845b-b9ba-427f-9e8f-376b57bc10cb
- PhishDestroy: https://phishdestroy.io/domain/netcoiens-login.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/netcoiens-login.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/netcoiens-login.webflow.io/
Last updated: 2026-03-26