# blockfi--loginauth.webflow.io — MALICIOUS > blockfi--loginauth.webflow.io is a credential theft page impersonating BlockFi. Security vendors flag 16/95 detections. Avoid entering credentials here. ## Summary PhishDestroy identifies blockfi--loginauth.webflow.io as an active credential phishing domain impersonating BlockFi, a cryptocurrency platform. The site mimics BlockFi’s login interface to harvest user credentials and potentially drain crypto assets. No evidence suggests a crypto drainer kit is embedded; however, the domain solely serves as a credential theft portal, leveraging brand impersonation to deceive visitors. Technical indicators confirm elevated risk: VirusTotal detection stands at 16 out of 95 security vendors, indicating partial coverage. The domain resolves to IP 172.64.151.8 (Cloudflare infrastructure) and uses a Google Trust Services SSL certificate for legitimacy. Webflow acts as the hosting platform via a subdomain, obscuring malicious infrastructure. The domain’s recent creation (implied by absence in historical blocklists) and lack of prior flagging in Google Safe Browsing (GSB) suggest opportunistic deployment. Current blocklist counts remain undisclosed, but the low VT score highlights evasion tactics. As of this report, the domain remains active and unblocked by major browsers. BlockFi users should scrutinize login URLs rigorously and enable multi-factor authentication (MFA) to mitigate risks. Security teams are advised to add this domain to network blocklists and warn users. Remaining risk is classified as elevated due to the domain’s active status and partial detection coverage. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 172.64.151.8 ## Detection Status - VirusTotal: 16 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/8c41b1e9-6d63-4370-8b7a-23f77d07930b - PhishDestroy: https://phishdestroy.io/domain/blockfi--loginauth.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/blockfi--loginauth.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/blockfi--loginauth.webflow.io/ Last updated: 2026-03-22