# auth-coinbase-sign-in.pages.dev — MALICIOUS

> auth-coinbase-sign-in.pages.dev is a high-risk phishing domain impersonating Coinbase. Stay alert and avoid entering credentials on suspicious sites.

## Summary
PhishDestroy identifies auth-coinbase-sign-in.pages.dev as a dangerous phishing website targeting Coinbase users. This domain was flagged for social engineering and appears on multiple blocklists, posing a significant risk to personal account security.

The scam operates by mimicking Coinbase’s login page, tricking victims into submitting their login credentials to attackers. The domain was registered through Cloudflare and is currently offline after being flagged by Google Safe Browsing and numerous security vendors.

If you visited this site, immediately change your Coinbase password and enable two-factor authentication. Monitor your accounts for unauthorized activity and report any suspicious behavior to Coinbase support.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.46.220
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["laylah.ns.cloudflare.com", "kanye.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cec71-c989-75ed-8813-24e62be69e27.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/de3663c5-606a-4888-b52e-c8452171365e
- PhishDestroy: https://phishdestroy.io/domain/auth-coinbase-sign-in.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/auth-coinbase-sign-in.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/auth-coinbase-sign-in.pages.dev/
Last updated: 2026-03-19