# api.coinbasewebs.com — SUSPICIOUS

> api.coinbasewebs.com mimics Coinbase to deceive users. Avoid interaction and report suspicious Coinbase-related links to stay safe.

## Summary
PhishDestroy identifies api.coinbasewebs.com as a low-risk phishing domain impersonating the Coinbase brand to trick users. This domain aims to exploit user trust by mimicking a legitimate cryptocurrency platform.

The domain was registered recently on March 11, 2026, and resolves to IP address 104.21.7.88. It is listed on two security blocklists and has been flagged by 2 out of 95 VirusTotal security vendors. These indicators suggest malicious intent behind the infrastructure.

Currently, api.coinbasewebs.com remains active and poses a potential threat to users. PhishDestroy recommends avoiding any engagement with this domain, reporting suspicious Coinbase-related URLs, and maintaining updated security defenses to mitigate risk.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP 530)
- Target brand: Coinbase

## Domain Intelligence
- Registered: 2026-03-11 01:07:01
- IP: 104.21.7.88
- SSL Issuer: E8

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["ChainPatrol", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd884-d28e-740f-885b-f73bff9e0cab.png
- PhishDestroy: https://phishdestroy.io/domain/api.coinbasewebs.com/
- LLM endpoint: https://phishdestroy.io/domain/api.coinbasewebs.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/api.coinbasewebs.com/
Last updated: 2026-03-19