# coinbase-en-pro.pages.dev — MALICIOUS

> Coinbase-en-pro.pages.dev is a high-risk phishing site impersonating Coinbase. Now offline but previously flagged by multiple security tools.

## Summary
PhishDestroy identifies coinbase-en-pro.pages.dev as a high-threat phishing domain targeting users of the cryptocurrency platform Coinbase. The domain was designed to impersonate the legitimate brand, potentially misleading victims into surrendering sensitive credentials or financial data. Due to its high risk and brand-focused approach, it posed a significant threat to the security of Coinbase customers.

Technically, the domain was registered through Cloudflare, Inc. on February 21, 2026, and resolved to the IP address 172.66.47.105. VirusTotal analysis indicates that 13 out of 95 security vendors flagged this domain as malicious. Additionally, it appears on two separate security blocklists, reinforcing its malicious nature. The page title observed during active monitoring was "Suspected phishing site | Cloudflare," suggesting detection by the hosting platform itself.

Currently, coinbase-en-pro.pages.dev is offline and no longer accessible, reducing immediate risk to users. PhishDestroy recommends remaining vigilant for similar brand impersonation attempts and advises users to confirm URL authenticity before inputting credentials. Security teams should continue monitoring for domain variants and employ domain blocking or filtering to prevent exposure to such high-risk phishing campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.105
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["olof.ns.cloudflare.com", "mallory.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c92f5-9901-70b9-8137-39b708ee37df.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/42c1818b-bfa0-431e-9852-815566318e49
- PhishDestroy: https://phishdestroy.io/domain/coinbase-en-pro.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-en-pro.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-en-pro.pages.dev/
Last updated: 2026-03-19