# secure-coin-base-pro-faq.square.site — MALICIOUS

> secure-coin-base-pro-faq.square.site poses high credential phishing risk. Avoid login attempts and verify official Coinbase sites only.

## Summary
PhishDestroy identifies secure-coin-base-pro-faq.square.site as a high-risk credential phishing domain. It masquerades as an official Coinbase Pro resource, using a deceptive page title to lure users into submitting sensitive login details. This domain leverages brand confusion by incorporating terms like 'Official Site®' and 'coinbase login' to exploit user trust.

Technically, the domain was registered recently on March 12, 2026, through MarkMonitor, Inc., a registrar often used for brand protection but also targeted for abuse. VirusTotal analysis shows 16 out of 95 security vendors flagging this domain, indicating significant suspicion. It currently appears on two independent security blocklists, reinforcing its malicious classification. Hosting under the square.site platform suggests it exploits popular third-party services to evade immediate takedown.

The domain remains active, representing an ongoing threat to users seeking legitimate Coinbase services. PhishDestroy recommends users avoid interacting with this site and only access Coinbase through verified official URLs. Security teams should block this domain proactively and monitor related phishing activity tied to this infrastructure. Immediate awareness and caution can prevent credential compromise stemming from this threat.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Target brand: Coinbase
- Page title: Official Site® | Coinbase Pro | Digital Asset Exchange® | coinbase login

## Domain Intelligence
- Registered: 2026-03-12 13:07:01
- Registrar: MarkMonitor, Inc.
- Country: US
- Nameservers: ["ns-810.awsdns-37.net", "ns-1816.awsdns-35.co.uk", "ns-311.awsdns-38.com", "ns-1248.awsdns-28.org"]
- SSL Issuer: E7

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "LevelBlue", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce201-b1f6-75a6-b759-e0f4acd02232.png
- PhishDestroy: https://phishdestroy.io/domain/secure-coin-base-pro-faq.square.site/
- LLM endpoint: https://phishdestroy.io/domain/secure-coin-base-pro-faq.square.site/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/secure-coin-base-pro-faq.square.site/
Last updated: 2026-03-19