# admin-api.echowebsites.cc — MALICIOUS

> admin-api.echowebsites.cc was a high-risk phishing site flagged for social engineering. Learn what happened and how to stay safe.

## Summary
PhishDestroy identifies admin-api.echowebsites.cc as a high-risk phishing domain designed to deceive users and steal sensitive information. Although currently offline, this domain posed significant risks by imitating legitimate services to trick victims into revealing personal data.

This phishing campaign operated by creating a fake administrative API portal to lure users into entering login credentials or other private details. The site was flagged by multiple security vendors and appeared on several blocklists due to its malicious intent. Google Safe Browsing categorized the domain as a social engineering threat, indicating the likelihood of convincing scams aimed at exploiting user trust.

If you visited admin-api.echowebsites.cc, it is crucial to immediately check for any unauthorized account activity and change affected passwords. Running a full malware scan and enabling multi-factor authentication can further protect your accounts. Staying vigilant and avoiding suspicious links remains essential to prevent phishing attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Coinbase 钱包登录 - 跨平台解决方案

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Gname.com Pte. Ltd.
- Country: SG
- IP: 104.21.31.121
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["carla.ns.cloudflare.com", "vasilii.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "SOCRadar", "Sophos"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b14ef-d3f9-701e-8bad-bb601f0a5f69.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f5d33616-829f-4ca9-92ed-8ff6e97786d6
- PhishDestroy: https://phishdestroy.io/domain/admin-api.echowebsites.cc/
- LLM endpoint: https://phishdestroy.io/domain/admin-api.echowebsites.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/admin-api.echowebsites.cc/
Last updated: 2026-03-19