# sso-en-cdn-coinbase.pages.dev — MALICIOUS

> Discover why sso-en-cdn-coinbase.pages.dev is flagged as a high-risk phishing site and what you should know before interacting with it.

## Summary
PhishDestroy identifies sso-en-cdn-coinbase.pages.dev as a high-risk generic phishing domain. It masquerades as a Coinbase-related login portal, attempting to deceive users into divulging sensitive information. This domain is classified under social engineering threats due to its intent to impersonate a trusted service and trick users into credential theft.

The domain was registered through Cloudflare, Inc. on February 21, 2026. It appears on three prominent security blocklists and is flagged by 14 out of 95 security vendors on VirusTotal, indicating consensus about its malicious nature. Google Safe Browsing categorizes the domain under social engineering, reinforcing concerns about deceptive tactics. The use of the 'pages.dev' subdomain suggests exploitation of legitimate hosting infrastructure to lend credibility to the fraudulent site.

Currently, the domain is offline following detection and takedown measures. Its removal from active hosting mitigates immediate risk, but users should remain vigilant for similar phishing attempts leveraging trusted brand names and cloud-based hosting platforms. PhishDestroy recommends avoiding any interaction with this domain and verifying URLs carefully when accessing cryptocurrency services.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.167
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["kelly.ns.cloudflare.com", "jeremy.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc195-c785-73ef-9438-bd4e6253403a.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/831723b0-9300-438d-bf40-aa9cb6b1a6d8
- PhishDestroy: https://phishdestroy.io/domain/sso-en-cdn-coinbase.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sso-en-cdn-coinbase.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sso-en-cdn-coinbase.pages.dev/
Last updated: 2026-03-19