# coinbaseprologin-web.pages.dev — MALICIOUS

> coinbaseprologin-web.pages.dev is a high-risk phishing site impersonating Coinbase. Learn why it’s dangerous and how to protect yourself.

## Summary
PhishDestroy identifies coinbaseprologin-web.pages.dev as a high-risk phishing domain impersonating the Coinbase brand. Despite being taken offline, this site posed significant danger by attempting to trick users into revealing sensitive information under the guise of a legitimate cryptocurrency platform.

This phishing scheme worked by mimicking the Coinbase Pro login interface to deceive visitors into entering their account credentials. The domain was registered recently and flagged by Google Safe Browsing for social engineering, appearing on multiple security blocklists and detected by several antivirus vendors. It resolved to an IP address associated with Cloudflare, adding a layer of perceived legitimacy.

If you visited this site, it’s critical to immediately change any Coinbase-related passwords and enable two-factor authentication. Monitor your accounts for unauthorized activity and remain cautious of unsolicited communications asking for personal details. PhishDestroy recommends verifying domain authenticity before logging in to financial services to avoid falling victim to similar scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.139
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["itzel.ns.cloudflare.com", "damon.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "Criminal IP", "alphaMountain.ai", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cb9ef-a6bf-73bf-a870-ef2f6976e973.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/d58748b4-a096-4e31-8b7c-52a6142fc7e0
- PhishDestroy: https://phishdestroy.io/domain/coinbaseprologin-web.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbaseprologin-web.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbaseprologin-web.pages.dev/
Last updated: 2026-03-19