# coin-crypto-login.pages.dev — MALICIOUS

> coin-crypto-login.pages.dev engaged in credential phishing, flagged by multiple blocklists, and now offline. Learn key findings and risk details.

## Summary
PhishDestroy identifies coin-crypto-login.pages.dev as a credential phishing domain designed to harvest user login information under the guise of cryptocurrency services. Classified with a high risk level, this domain was part of an active phishing campaign aiming to deceive users into submitting sensitive credentials.

Technical indicators reveal that the domain was registered on February 21, 2026, via Cloudflare, Inc. It resolved to the IP address 172.66.47.77 and appeared on three separate security blocklists. VirusTotal analysis flagged the domain by 14 out of 95 security vendors, confirming its malicious intent. The page title "Suspected phishing site | Cloudflare" indicates Cloudflare’s mitigation efforts.

The domain is currently offline following detection and takedown actions. PhishDestroy recommends continued monitoring of similar domains hosted through Cloudflare’s platform, as this incident demonstrates persistent abuse of cloud-based services for phishing purposes. Users should remain vigilant against credential phishing schemes mimicking cryptocurrency login portals.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.77
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["ziggy.ns.cloudflare.com", "toby.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c2d44-2abf-71fd-b9a3-bb86c1072dab.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/98af95e9-7c74-45b5-b6db-429d404e97da
- PhishDestroy: https://phishdestroy.io/domain/coin-crypto-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coin-crypto-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coin-crypto-login.pages.dev/
Last updated: 2026-03-19