# ca---coinsqure-cdn---auths.webflow.io — SUSPICIOUS

> ca---coinsqure-cdn---auths.webflow.io lures users with fake crypto wallet logins — 4 out of 95 VirusTotal scanners flagged this active domain resolving to 104.

## Summary
PhishDestroy identifies ca---coinsqure-cdn---auths.webflow.io as a live counterfeit crypto wallet phishing page designed to harvest user credentials. The site mimics a legitimate authentication portal and prompts visitors to enter their wallet passwords, which are then sent to attackers instead of the real service.  

This domain was flagged by 4 of 95 VirusTotal security vendors and resolves to IP address 104.18.36.248. The domain was registered via Cloudflare Registrar and deployed on Webflow’s CDN, masking its true origin and hosting infrastructure.  

If you visited this page, immediately change your crypto wallet password and enable two-factor authentication. Check your account for unauthorized transactions and revoke any unfamiliar API keys or device access. Use a password manager to avoid similar traps in the future, and report the domain to your wallet provider and local cybercrime unit.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2952643b-aa19-4d83-b27b-aae4d1312f88
- PhishDestroy: https://phishdestroy.io/domain/ca---coinsqure-cdn---auths.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/ca---coinsqure-cdn---auths.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ca---coinsqure-cdn---auths.webflow.io/
Last updated: 2026-04-15