# ai-en-coinpro-login.pages.dev — MALICIOUS

> High-risk credential phishing detected at ai-en-coinpro-login.pages.dev. Domain is offline after multiple security blocklist flags. Avoid sharing login info.

## Summary
PhishDestroy identifies ai-en-coinpro-login.pages.dev as a high-risk credential phishing domain designed to steal sensitive user login details. Credential phishing threats remain critical because they enable attackers to gain unauthorized access to accounts, potentially leading to financial loss or identity theft. Users encountering this domain risk exposing their credentials to malicious actors.

This domain was registered recently on February 21, 2026, using Cloudflare, Inc. as the registrar, and it resolves to the IP address 172.66.47.5. It appeared on three separate security blocklists and triggered alerts from 14 out of 95 VirusTotal security vendors. Google Safe Browsing flagged it under social engineering, and the page displayed a 'Suspected phishing site' warning from Cloudflare. As a result, the domain is currently offline to prevent further harm.

Users should remain vigilant and avoid interacting with suspicious login pages, especially those resembling legitimate services but hosted on unfamiliar domains like ai-en-coinpro-login.pages.dev. It is advised not to enter credentials or personal information on such sites. Using updated security tools, enabling multi-factor authentication, and verifying URLs before submitting login details can help mitigate phishing risks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.5
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["leonard.ns.cloudflare.com", "katja.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c7aee-3d16-743d-943d-1b0389ea2972.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a7f34295-1f7f-4ff0-a1cd-04017a024fe3
- PhishDestroy: https://phishdestroy.io/domain/ai-en-coinpro-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ai-en-coinpro-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ai-en-coinpro-login.pages.dev/
Last updated: 2026-03-19