# coinbase-pro-login-eng.pages.dev — MALICIOUS

> The domain coinbase-pro-login-eng.pages.dev was flagged for phishing. Avoid interaction and verify official Coinbase channels to stay safe.

## Summary
PhishDestroy identifies coinbase-pro-login-eng.pages.dev as a high-risk phishing domain targeting Coinbase users through brand impersonation. This tactic is designed to deceive individuals into revealing sensitive credentials or financial information by mimicking a trusted platform. Such threats pose significant risks including identity theft, unauthorized account access, and financial loss.

The domain was registered on February 21, 2026, via Cloudflare, Inc. It resolves to the IP address 172.66.44.89. This site appeared on three separate security blocklists and was flagged by 13 out of 95 VirusTotal security vendors, indicating high suspicion. Although the domain is currently offline, its Cloudflare-based registration and usage of a subdomain under pages.dev suggest an attempt to leverage legitimate infrastructure to evade detection. The page title noted was "Suspected phishing site | Cloudflare," reinforcing the domain’s malicious intent.

Users are strongly advised to avoid visiting coinbase-pro-login-eng.pages.dev and similar suspicious URLs. Always verify website authenticity by accessing financial services through official domains or trusted apps. Enabling two-factor authentication on Coinbase accounts can provide additional security. If exposure to this domain occurred, users should monitor account activity closely and report any suspicious behavior to Coinbase and relevant authorities immediately.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.89
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["jocelyn.ns.cloudflare.com", "fonzie.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc373-d17a-73e2-a69c-0975071a3106.png
- PhishDestroy: https://phishdestroy.io/domain/coinbase-pro-login-eng.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-pro-login-eng.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-pro-login-eng.pages.dev/
Last updated: 2026-03-19