# co-inbase-login.pages.dev — MALICIOUS

> Avoid co-inbase-login.pages.dev — a phishing domain mimicking Coinbase to steal your info. Stay safe and verify site authenticity before logging in.

## Summary
PhishDestroy identifies co-inbase-login.pages.dev as a dangerous phishing domain pretending to be Coinbase, a popular cryptocurrency platform. This site tricks users into thinking they are on a legitimate page, putting sensitive info at risk.

This phishing attempt works by mimicking the Coinbase login page to steal credentials. The domain was created recently, flagged for social engineering by Google Safe Browsing, and appears on multiple security blocklists, confirming its malicious intent.

If you’ve visited this site, immediately change your Coinbase password and enable two-factor authentication. Avoid entering any personal details, and report suspicious emails or messages directing you to this or similar domains.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.177
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["gabriella.ns.cloudflare.com", "pedro.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019af6f1-4e27-70f8-8ed3-47dba60ece45.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/7fb63e6b-5bfe-402e-a60e-f2d7952fcb7c
- PhishDestroy: https://phishdestroy.io/domain/co-inbase-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/co-inbase-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/co-inbase-login.pages.dev/
Last updated: 2026-03-19