# 478299coinbase.com — MALICIOUS

> Discover why 478299coinbase.com poses a high risk of Coinbase brand impersonation. Learn about its phishing threats and current offline status.

## Summary
PhishDestroy identifies 478299coinbase.com as a high-risk domain engaged in brand impersonation targeting Coinbase users. Classified under a brand impersonation threat type, this domain’s intent is to deceive visitors by mimicking a trusted platform, putting user credentials and assets at significant risk.

The domain was registered recently on March 4, 2026, through NiceNIC International Group Co., Limited, and resolves to the IP address 188.114.96.3. It has been flagged by Google Safe Browsing for social engineering, appears on three different security blocklists, and VirusTotal analysis shows 13 out of 95 vendors detect it as malicious. The page title indicating a suspected phishing site on Cloudflare further supports the conclusion of malicious activity.

Currently, 478299coinbase.com is offline, reducing immediate danger to users. However, vigilance is advised as similar domains could emerge. Users should avoid engaging with suspicious URLs and rely on official Coinbase communication channels. Organizations can bolster defenses by blocking this domain and monitoring for related phishing attempts. PhishDestroy recommends continued monitoring of such high-risk domains to preempt future brand impersonation attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-04 13:07:01
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: max.ns.cloudflare.com mckenzie.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cb8f9-7dbd-7655-907c-b267197e5324.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/b7afa097-a27c-46ee-b761-1e3f33624427
- PhishDestroy: https://phishdestroy.io/domain/478299coinbase.com/
- LLM endpoint: https://phishdestroy.io/domain/478299coinbase.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/478299coinbase.com/
Last updated: 2026-03-19