# coinsquuaarelogin.webflow.io — SUSPICIOUS > coinsquuaarelogin.webflow.io is a fake Coinbase login page and crypto drainer site with 0/95 VirusTotal detections—verify on PhishDestroy before entering. ## Summary PhishDestroy identifies coinsquuaarelogin.webflow.io as an active credential-phishing domain impersonating the Coinbase login interface, likely serving as a crypto drainer kit to steal wallet credentials or authorization tokens. The domain is hosted on Webflow’s platform and is currently under investigation for malicious activity. No specific drainer kit has been confirmed, but the page’s structure closely mimics Coinbase’s official authentication flow, suggesting an attempt to harvest user credentials or session tokens for unauthorized crypto transfers. This domain exhibits the following technical indicators: a VirusTotal detection rate of 0/95, hosted on IP 172.64.151.8 via Cloudflare (172.64.0.0/13 range), and secured with a Google Trust Services SSL certificate. The domain is registered under Webflow’s infrastructure and was recently created, with no verified creation date available in public records. It has not been flagged by Google Safe Browsing (GSB) and remains unlisted on major blocklists, increasing its potential to deceive unsuspecting users. These traits indicate a recently deployed, low-profile phishing operation. As of this assessment, coinsquuaarelogin.webflow.io remains active and unblocked. Response actions include ongoing monitoring by PhishDestroy, but no takedown or blacklisting has occurred. The remaining risk is moderate due to the domain’s stealthy setup and lack of current detection. Users are strongly advised to verify the legitimacy of this site using PhishDestroy’s tools before interacting with any crypto-related login pages. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 172.64.151.8 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/coinsquuaarelogin.webflow.io - PhishDestroy: https://phishdestroy.io/domain/coinsquuaarelogin.webflow.io/ - LLM endpoint: https://phishdestroy.io/domain/coinsquuaarelogin.webflow.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/coinsquuaarelogin.webflow.io/ Last updated: 2026-04-07