# cdn-signin-coinbase.pages.dev — MALICIOUS

> Discover the risk of cdn-signin-coinbase.pages.dev, a high-threat Coinbase impersonation domain flagged for social engineering. Learn more here.

## Summary
PhishDestroy identifies cdn-signin-coinbase.pages.dev as a high-risk threat primarily involving brand impersonation targeting Coinbase. This domain was designed to deceive users by mimicking Coinbase's login interface, aiming to harvest sensitive credentials through social engineering tactics.

Supporting evidence includes its creation date on February 21, 2026, and registration through Cloudflare, Inc., with the domain resolving to IP address 172.66.47.131. The domain was flagged by Google Safe Browsing for social engineering and appeared on three separate security blocklists. Additionally, VirusTotal analysis revealed 13 out of 95 security vendors detected malicious activity related to this domain, underscoring its malicious intent.

Currently, the domain is offline and no longer accessible, as Cloudflare has taken it down following detection. Users are advised to remain vigilant for similar phishing attempts by verifying URLs and accessing Coinbase only through official channels. PhishDestroy continues to monitor such threats to help users stay protected against evolving brand impersonation attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.131
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["vivienne.ns.cloudflare.com", "lee.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cef74-5af3-72ee-a17c-5df391d49128.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/0c504c2a-6fa9-433c-bf06-cfd83ce71cb4
- PhishDestroy: https://phishdestroy.io/domain/cdn-signin-coinbase.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/cdn-signin-coinbase.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cdn-signin-coinbase.pages.dev/
Last updated: 2026-03-19