# page-coinbase-secure.pages.dev — MALICIOUS

> page-coinbase-secure.pages.dev impersonates Coinbase and poses high risk. Learn why this phishing site was taken offline and how to stay protected.

## Summary
PhishDestroy identifies page-coinbase-secure.pages.dev as a high-risk phishing domain impersonating the popular cryptocurrency platform Coinbase. This site was designed to deceive users by mimicking the legitimate service to steal sensitive information such as login credentials or financial data. Although the domain is now offline, it previously posed a significant threat to anyone attempting to access Coinbase services via this fraudulent URL.

This phishing attempt worked by exploiting users’ trust in Coinbase’s brand and using a domain registered through Cloudflare, Inc. The site closely resembled the official Coinbase interface, intending to trick victims into entering confidential details. Security analysis revealed the domain was flagged on multiple security blocklists and was detected by 15 out of 95 antivirus engines on VirusTotal. The domain’s creation date back in 2020 and its resolution to an IP address linked with Cloudflare also helped confirm its suspicious nature.

If you have visited page-coinbase-secure.pages.dev, it is crucial to immediately change your Coinbase account password and enable two-factor authentication to protect your assets. Additionally, monitor your financial accounts for unauthorized transactions and consider running a full security scan on your devices. Always verify URLs carefully before entering personal information, especially on sites claiming to represent financial institutions. For ongoing protection, rely on trusted sources like PhishDestroy to stay informed about emerging phishing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2020-09-02 02:33:29
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.58
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["adi.ns.cloudflare.com", "karl.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ca8be-c861-7550-b9fd-efb12c586d08.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/8a2d7792-b948-4b07-8bd1-43d97cb38c7e
- PhishDestroy: https://phishdestroy.io/domain/page-coinbase-secure.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/page-coinbase-secure.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/page-coinbase-secure.pages.dev/
Last updated: 2026-03-19