# page--en-netcoins---com-cdn---autth.webflow.io — MALICIOUS > Avoid page--en-netcoins---com-cdn---autth.webflow.io: a high-risk phishing site. Do not enter personal info and report suspicious activity immediately. ## Summary PhishDestroy identifies page--en-netcoins---com-cdn---autth.webflow.io as an active, high-risk generic phishing domain. This site is designed to deceive users by mimicking legitimate services, potentially leading to theft of sensitive information such as login credentials or financial data. The urgency of this threat is heightened due to its active status and phishing intent. The domain resolves to IP address 104.18.36.248, associated with Cloudflare's content delivery network, which is often leveraged by threat actors to mask true hosting locations and increase resilience against takedown efforts. VirusTotal analysis flags this domain by 18 out of 95 security vendors, underscoring its malicious nature. The domain structure includes multiple hyphens and resembles legitimate cryptocurrency-related sites, a common tactic used to exploit user trust, which aligns with phishing campaigns targeting cryptocurrency users. Currently, the domain remains active and poses a significant risk to users. PhishDestroy strongly recommends immediate blocking of the domain at network and endpoint levels. Users should avoid interacting with the site and report any suspicious communications referencing this domain. Organizations are advised to update threat intelligence feeds and educate users on recognizing such deceptive URLs. Continuous monitoring for related infrastructure changes is also essential to mitigate evolving phishing threats linked to this actor. (Seed: c53ef4) ## Threat Details - Verdict: MALICIOUS - Site status: alive (HTTP 200) - Page title: Netcoins | Login ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.18.36.248 - Nameservers: NS_NOT_FOUND ## Detection Status - VirusTotal: 19 vendors flagged Vendors: ["ADMINUSLabs", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "MalwareURL", "Netcraft", "OpenPhish", "Sophos", "Trustwave", "VIPRE", "Webroot", "alphaMountain.ai"] - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["PhishDestroy"] ## Live Page Content - Meta description: Secure your crypto journey with NetCoins Login. Trade crypto, send and receive funds, set alerts, and more in just a few clicks. ### Page Text Netcoins | Login ### External Scripts - https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=673831ab73b190ea1e0964b2 - https://cdn.prod.website-files.com/673831ab73b190ea1e0964b2/js/webflow.7e939bc70.js ### External Links - https://webflow.com?utm_campaign=brandjs ## Evidence - Screenshot: https://urlscan.io/screenshots/019cc5a2-4b84-77c1-9b9c-93968a42e981.png - Cloudflare Radar: https://radar.cloudflare.com/scan/bb2f953c-8876-474e-8699-875a3d5b4d98 - PhishDestroy: https://phishdestroy.io/domain/page--en-netcoins---com-cdn---autth.webflow.io/ ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/page--en-netcoins---com-cdn---autth.webflow.io/ Last updated: 2026-03-14