# coin-base-login-fed.pages.dev — MALICIOUS

> Avoid coin-base-login-fed.pages.dev, a phishing site impersonating Coinbase. This domain is flagged and taken offline. Stay vigilant and protect your data.

## Summary
PhishDestroy identifies coin-base-login-fed.pages.dev as a high-risk phishing domain targeting Coinbase users. This fraudulent site was created on February 21, 2026, and is designed to deceive individuals by mimicking the trusted Coinbase brand. Such phishing attempts pose significant dangers including theft of personal login credentials, financial loss, and unauthorized access to cryptocurrency accounts.

This phishing scheme operates by presenting a counterfeit login page closely resembling Coinbase’s official interface. Unsuspecting users who enter their credentials on this site risk having their sensitive information intercepted by cybercriminals. The domain was flagged for social engineering by Google Safe Browsing and appears on multiple security blocklists. VirusTotal analysis also highlights suspicious activity, with 14 out of 95 security vendors identifying the domain as malicious. Fortunately, the domain has been taken offline, reducing immediate risk.

If you have visited coin-base-login-fed.pages.dev, it is critical to take prompt action. Change your Coinbase password immediately and enable two-factor authentication if not already active. Monitor your account for any unauthorized transactions and report suspicious activity to Coinbase support. Additionally, run a comprehensive security scan on your devices to detect potential malware. Staying informed and cautious helps prevent falling victim to phishing attacks like this one.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.171
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["sue.ns.cloudflare.com", "alfred.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bb402-04c5-74db-9336-23070a1b4f0e.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/b58e58e5-f3bf-4924-9277-47a1363b39a9
- PhishDestroy: https://phishdestroy.io/domain/coin-base-login-fed.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coin-base-login-fed.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coin-base-login-fed.pages.dev/
Last updated: 2026-03-19