# en--coinbase-pro-pag.pages.dev — MALICIOUS

> en--coinbase-pro-pag.pages.dev is a phishing site impersonating Coinbase. Avoid this domain and ensure your crypto accounts remain secure.

## Summary
PhishDestroy identifies en--coinbase-pro-pag.pages.dev as a high-risk phishing domain targeting Coinbase users. This threat is significant because it attempts to deceive individuals into revealing sensitive information, potentially leading to financial loss. Brand impersonation like this undermines trust in legitimate platforms and exposes users to social engineering attacks.

The domain was registered recently on February 21, 2026, through Cloudflare, Inc., and is currently offline after being flagged for social engineering by Google Safe Browsing and appearing on multiple security blocklists. It resolved to IP 172.66.45.22 and was detected by 13 out of 95 vendors on VirusTotal. The site’s title, “Suspected phishing site | Cloudflare,” indicates that proactive measures have been taken to mitigate its impact.

Users should avoid visiting en--coinbase-pro-pag.pages.dev and never enter login credentials or personal data on suspicious sites. It is also critical to verify website URLs carefully, use two-factor authentication on Coinbase accounts, and keep security software updated. If you suspect you interacted with this domain, immediately review account activity and consider changing passwords to protect your assets.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.22
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["melnicoff.ns.cloudflare.com", "shubhi.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ChainPatrol", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a3c77-2c42-73c7-b633-da2460de95f3.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/139b7b22-0e51-4545-bc3b-2d3a5b8bd77b
- PhishDestroy: https://phishdestroy.io/domain/en--coinbase-pro-pag.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en--coinbase-pro-pag.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en--coinbase-pro-pag.pages.dev/
Last updated: 2026-03-19