# coinbase-loginus.pages.dev — MALICIOUS

> coinbase-loginus.pages.dev is a high-risk phishing site taken offline. Avoid submitting credentials and verify URL legitimacy when accessing Coinbase.

## Summary
PhishDestroy identifies coinbase-loginus.pages.dev as a high-risk credential phishing domain designed to steal user login details by impersonating Coinbase. This type of threat poses serious risks such as unauthorized account access and financial loss, making vigilance crucial for user safety.

The domain was registered on February 21, 2026, using Cloudflare, Inc. as the registrar and appeared on three security blocklists. VirusTotal analysis flagged it by 15 out of 95 security vendors, confirming its malicious intent. Fortunately, the domain is currently offline, preventing further exploitation.

Users are strongly advised to avoid interacting with this domain or submitting any sensitive information. Always verify URLs carefully, use official apps or websites for accessing accounts, and enable multi-factor authentication. Reporting suspicious domains helps protect the broader community from phishing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.53
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["elisa.ns.cloudflare.com", "lakas.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cbac6-9f66-76fe-9f9c-f8a325b6333a.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/d729f9fa-2926-4f6d-a22d-475863f17976
- PhishDestroy: https://phishdestroy.io/domain/coinbase-loginus.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-loginus.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-loginus.pages.dev/
Last updated: 2026-03-19