# sso-coinbase-com.pages.dev — MALICIOUS

> sso-coinbase-com.pages.dev posed a high-risk phishing threat impersonating Coinbase. Stay alert and avoid interacting with this domain.

## Summary
PhishDestroy identifies sso-coinbase-com.pages.dev as a high-risk brand impersonation phishing domain targeting Coinbase users. This domain attempted to deceive victims by mimicking Coinbase's login experience, posing a significant social engineering threat.

The domain, registered through Cloudflare, Inc. on February 21, 2026, was flagged by 16 out of 95 security vendors on VirusTotal and appears on three distinct security blocklists. It resolved to IP address 172.66.44.203 and was detected by Google Safe Browsing under the SOCIAL_ENGINEERING category. The page title "Suspected phishing site | Cloudflare" further corroborates its malicious intent.

Currently, sso-coinbase-com.pages.dev has been taken offline, effectively mitigating the immediate risk. Users are advised to remain vigilant against similar brand impersonation attempts and verify URLs before entering personal credentials to avoid compromising sensitive data.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.203
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["emerson.ns.cloudflare.com", "jill.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ceeaf-f9fc-7250-8b13-1d37b1c4c47e.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3a00e746-64e7-4158-bbb1-9529621cb4a2
- PhishDestroy: https://phishdestroy.io/domain/sso-coinbase-com.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sso-coinbase-com.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sso-coinbase-com.pages.dev/
Last updated: 2026-03-19