# get-coinbse-logn.pages.dev — MALICIOUS

> Analyze get-coinbse-logn.pages.dev, flagged for phishing and social engineering. Discover its risk level, status, and technical threat indicators.

## Summary
PhishDestroy identifies get-coinbse-logn.pages.dev as a high-risk generic phishing domain designed to impersonate legitimate cryptocurrency platforms. The domain's title, suggestive of a login page, and its naming closely mimic popular services to deceive users into divulging sensitive information. Classified under social engineering threats, this site aimed to exploit user trust by masquerading as an authentic login portal.

Technical analysis reveals that the domain was registered recently on February 21, 2026, via Cloudflare, Inc., a common registrar used by both legitimate and malicious actors due to its privacy features. The domain resolves to IP address 172.66.47.187, which is associated with Cloudflare's infrastructure, facilitating fast content delivery but also complicating attribution. VirusTotal scans flagged the domain by 14 out of 95 security vendors, while it appeared on two separate security blocklists. Additionally, Google Safe Browsing categorized the domain under "SOCIAL_ENGINEERING," confirming its phishing intent.

As of the latest assessment, get-coinbse-logn.pages.dev has been taken offline, mitigating immediate threats to users. Cloudflare's intervention and the domain’s removal from active hosting underscore the effectiveness of current countermeasures. PhishDestroy continues to monitor such domains for reactivation attempts and advises users to exercise caution when encountering suspicious cryptocurrency login pages. This case exemplifies the ongoing risks associated with phishing campaigns targeting financial platforms and the importance of timely threat intelligence.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.187
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["dorthy.ns.cloudflare.com", "giancarlo.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a0e98-4368-772a-882b-7656a821722b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3ff4228d-8d70-4b30-9cbd-6ed877c226b1
- PhishDestroy: https://phishdestroy.io/domain/get-coinbse-logn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/get-coinbse-logn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/get-coinbse-logn.pages.dev/
Last updated: 2026-03-19