# coinbas-pro-logon.pages.dev — MALICIOUS

> Coinbas-pro-logon.pages.dev is a high-risk phishing domain flagged by multiple blocklists. Learn about its threat and stay protected with PhishDestroy.

## Summary
PhishDestroy identifies coinbas-pro-logon.pages.dev as a high-risk generic phishing threat targeting unsuspecting users. The domain is crafted to mimic legitimate cryptocurrency platforms, aiming to steal sensitive login credentials under the guise of a trusted service.

This domain was registered recently on February 21, 2026, and is hosted on an IP address linked to Cloudflare, Inc. It has been flagged by 13 security vendors on VirusTotal and appears on three separate security blocklists. The domain’s infrastructure and hosting patterns align with common phishing tactics, including the use of a Cloudflare pages.dev subdomain to evade early detection. The page title currently reads "Suspected phishing site | Cloudflare," indicating it has been taken offline.

Users are advised to avoid interacting with this domain or any suspicious links resembling legitimate cryptocurrency services. PhishDestroy recommends employing updated endpoint security solutions and monitoring for phishing attempts. The domain is currently offline, reducing immediate risk; however, vigilance remains essential as attackers may deploy similar tactics with new domains.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.46.227
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["simon.ns.cloudflare.com", "mallory.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019aa7b3-f16a-7026-88a2-81329cacfb3f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c7a42503-9621-45de-9f58-c9f98894fb09
- PhishDestroy: https://phishdestroy.io/domain/coinbas-pro-logon.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbas-pro-logon.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbas-pro-logon.pages.dev/
Last updated: 2026-03-19