# coinbase-login--pro-faq.pages.dev — MALICIOUS

> coinbase-login--pro-faq.pages.dev is a high-risk phishing domain impersonating Coinbase. Avoid interaction and verify URLs before entering credentials.

## Summary
PhishDestroy has identified coinbase-login--pro-faq.pages.dev as a high-risk phishing domain engaging in brand impersonation targeting Coinbase users. This domain attempts to deceive users by mimicking official Coinbase login services to harvest sensitive information. Due to the nature of this threat, users are advised to exercise caution and avoid providing any personal or financial details on this site.

The domain was registered on February 21, 2026, through Cloudflare, Inc., and resolves to IP address 172.66.44.231. It has been flagged by 15 out of 95 security vendors on VirusTotal and is listed on three separate security blocklists. Google Safe Browsing has classified the domain under the SOCIAL_ENGINEERING category. The page title detected was "Suspected phishing site | Cloudflare," indicating hosting or mitigation involvement.

Currently, the domain is offline, reducing immediate risk; however, users should remain vigilant as similar phishing setups may emerge. It is recommended to verify website URLs carefully, avoid clicking suspicious links, and use official apps or bookmarks for Coinbase access. Reporting any suspicious activity related to this domain to security platforms will aid ongoing threat mitigation.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.231
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["salvador.ns.cloudflare.com", "perla.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cb260-8670-751f-b926-7682cf116dd1.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/962604ed-7e41-431a-9858-78aade107983
- PhishDestroy: https://phishdestroy.io/domain/coinbase-login--pro-faq.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-login--pro-faq.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-login--pro-faq.pages.dev/
Last updated: 2026-03-19