# coinbase--pro-login-web.pages.dev — MALICIOUS

> coinbase--pro-login-web.pages.dev is a phishing site impersonating Coinbase. Avoid sharing personal info and verify URLs before logging in.

## Summary
PhishDestroy has identified coinbase--pro-login-web.pages.dev as a high-risk phishing domain impersonating the cryptocurrency platform Coinbase. This site attempts to deceive users into believing they are accessing the legitimate Coinbase service, putting their sensitive information at risk. With 14 security vendors flagging it and multiple blocklists marking it dangerous, this domain posed a significant threat before being taken offline.

This phishing campaign operated by mimicking Coinbase’s login interface, tricking victims into entering usernames, passwords, and potentially other credentials. The domain was registered through Cloudflare on February 21, 2026 and resolved to IP 172.66.47.65. Its design aimed to exploit user trust by closely resembling official Coinbase pages, a common technique to harvest login details for fraudulent use.

If you visited coinbase--pro-login-web.pages.dev, immediately avoid entering any personal data and change your Coinbase account password if you did. Enable two-factor authentication on your account for extra security. Users should remain vigilant, only access Coinbase via official URLs, and report suspicious sites to help prevent credential theft.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.65
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["malavika.ns.cloudflare.com", "dante.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cca35-6c48-77dc-9695-bf06925ac6a5.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/06ba7e99-f93b-4f02-85ae-1278852da190
- PhishDestroy: https://phishdestroy.io/domain/coinbase--pro-login-web.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase--pro-login-web.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase--pro-login-web.pages.dev/
Last updated: 2026-03-19