# nettcoiinlogii.webflow.io — MALICIOUS

> nettcoiinlogii.webflow.io is a live crypto drainer phishing site impersonating Webflow. This domain resolves to 104.18.36.

## Summary
PhishDestroy identifies nettcoiinlogii.webflow.io as an active generic phishing domain hosting a cryptocurrency drainer kit. The page mimics a Webflow-hosted portal and is designed to trick users into connecting wallets and signing malicious transactions. No specific brand impersonation was confirmed in metadata, but the drainer script follows known patterns used to siphon funds from connected crypto wallets.  This domain was flagged by 20/95 VirusTotal security vendors and resolves to IP 104.18.36.248. The SSL certificate is issued by Google Trust Services, which does not guarantee legitimacy. The domain was created recently and hosted on Webflow’s platform, leveraging its CDN to appear credible. It remains unblocked by Google Safe Browsing at the time of writing and has not yet been listed on major threat intelligence feeds.  Current status shows the campaign is actively live and propagating through social engineering vectors. Immediate action should include domain blocking at DNS and network levels, takedown requests to Webflow and hosting providers, and community advisories. Despite its low VT score, the presence of a drainer kit and active hosting elevates operational risk. Users are advised to treat any Webflow-hosted login or wallet connection prompt with extreme caution and verify domains before interaction.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 20 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/eb27d3cc-db9d-48a9-bc85-f7b06e6b8ddb
- PhishDestroy: https://phishdestroy.io/domain/nettcoiinlogii.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/nettcoiinlogii.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/nettcoiinlogii.webflow.io/
Last updated: 2026-03-21