# faq-coinbase-pro-en.pages.dev — MALICIOUS

> Faq-coinbase-pro-en.pages.dev is a high-risk phishing domain impersonating Coinbase Pro. Stay alert and avoid interacting with this site.

## Summary
PhishDestroy identifies faq-coinbase-pro-en.pages.dev as a high-risk generic phishing domain targeting users by impersonating Coinbase Pro. Such phishing campaigns aim to steal sensitive information like login credentials and financial data, posing significant risks to users who believe the site is legitimate. This threat is critical because it exploits the reputation of a well-known cryptocurrency platform to deceive victims.

The domain faq-coinbase-pro-en.pages.dev was registered on February 21, 2026, via Cloudflare, Inc., and was hosted on the Cloudflare Pages platform. It appeared on three separate security blocklists and was flagged by multiple security vendors on VirusTotal, indicating a consensus on its malicious nature. The domain has since been taken offline, reducing immediate risk but highlighting the persistent threat actors' use of cloud-based hosting services to deploy phishing infrastructure rapidly.

Users should remain vigilant when accessing cryptocurrency-related websites and verify URLs carefully. Avoid clicking links from unsolicited emails or messages claiming to be from Coinbase Pro or similar services. If you encounter suspicious domains like faq-coinbase-pro-en.pages.dev, report them to your security team or relevant authorities. Employing multi-factor authentication and keeping security software updated can further protect against credential theft and phishing attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.133
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["lucy.ns.cloudflare.com", "donovan.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cba2c-aedd-76e2-8dcf-b1df1fe9f9eb.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/27553ccc-feee-4f0e-bc75-38d27bce48a6
- PhishDestroy: https://phishdestroy.io/domain/faq-coinbase-pro-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/faq-coinbase-pro-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/faq-coinbase-pro-en.pages.dev/
Last updated: 2026-03-19