# sso--secure--coinbasepro-cdn-i-autth.webflow.io — MALICIOUS

> sso--secure--coinbasepro-cdn-i-autth.webflow.io mimics Coinbase to steal info. Avoid this high-risk domain. Learn more and stay safe with PhishDestroy.

## Summary
PhishDestroy identifies sso--secure--coinbasepro-cdn-i-autth.webflow.io as a dangerous brand impersonation domain targeting Coinbase users. Although currently offline, it was flagged for social engineering and appears on multiple security blocklists.

This phishing domain tried to trick users by mimicking Coinbase’s name and trusted branding to steal login credentials or personal data. While the page currently shows a 404 error, its history of malicious activity poses a high risk to anyone redirected there.

If you visited this site, immediately change your Coinbase passwords and enable two-factor authentication. Run a malware scan on your device and remain vigilant against suspicious emails or messages pretending to be from Coinbase.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Coinbase
- Page title: 404 - Page not found

## Domain Intelligence
- Registered: 2026-03-02 15:00:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 104.18.36.248
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Sophos", "Trustwave", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://i.ibb.co/Q3snRWm1/0f3fb2f59a9e.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/2f29e1a1-916c-4e79-a419-245959b777b7
- Wayback Machine: https://web.archive.org/web/https://sso--secure--coinbasepro-cdn-i-autth.webflow.io
- PhishDestroy: https://phishdestroy.io/domain/sso--secure--coinbasepro-cdn-i-autth.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/sso--secure--coinbasepro-cdn-i-autth.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sso--secure--coinbasepro-cdn-i-autth.webflow.io/
Last updated: 2026-03-19