# coinbase-prro-logi.gitbook.io — MALICIOUS

> coinbase-prro-logi.gitbook.io impersonates Coinbase in an active brand impersonation scam. 15/95 vendors flagged this phishing site. Check the full report.

## Summary
coinbase-prro-logi.gitbook.io has been confirmed as an active brand impersonation scam targeting Coinbase users. The domain leverages a misspelled variation of the legitimate GitBook domain (gitbook.io) to deceive victims into believing they are interacting with an official Coinbase service or support portal. This tactic exploits user trust in well-known platforms and the urgency often associated with cryptocurrency transactions. The threat is elevated due to the combination of impersonation, active distribution, and partial detection by security vendors.  

PhishDestroy identifies this domain as a confirmed threat based on multiple technical indicators. The site resolves to IP 104.18.40.47 and is registered through Cloudflare, Inc. with an SSL certificate issued by Google Trust Services, which may lend false legitimacy to the domain. Notably, 15 out of 95 security vendors on VirusTotal have flagged this domain as malicious or suspicious. The domain was created on March 30, 2014, which may suggest a long-standing infrastructure repurposed for malicious activity. Despite its age, the domain is currently active and engaged in brand impersonation, specifically mimicking Coinbase to steal credentials or financial data.  

Users and organizations should take immediate action to mitigate risk. Block access to coinbase-prro-logi.gitbook.io at the network level using DNS or firewall rules. Warn customers and employees not to interact with this domain or any links associated with it, as it may lead to credential harvesting or malware distribution. Report the domain to Coinbase’s abuse team and to threat intelligence platforms such as VirusTotal, URLVoid, or OpenPhish. Additionally, ensure multi-factor authentication (MFA) is enforced for all Coinbase accounts to reduce the impact of potential credential theft. Share this intelligence within your security team to prevent downstream compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Coinbase

## Domain Intelligence
- Registered: 2014-03-30 06:09:09
- Registrar: Cloudflare, Inc
- IP: 104.18.40.47

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/de2de646-ad2b-40c8-8db5-10ace19c6036
- PhishDestroy: https://phishdestroy.io/domain/coinbase-prro-logi.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-prro-logi.gitbook.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-prro-logi.gitbook.io/
Last updated: 2026-03-23