# begin-logn-support-cnbase.pages.dev — MALICIOUS

> Discover why begin-logn-support-cnbase.pages.dev was flagged for phishing and taken offline. Review domain details and threat indicators here.

## Summary

PhishDestroy identifies begin-logn-support-cnbase.pages.dev as a high-risk generic phishing domain. It was classified due to its deceptive intent aimed at social engineering victims, as confirmed by Google Safe Browsing. The domain's creation date of February 21, 2026, and its suspicious naming convention raise immediate red flags in phishing investigations, guided by unique seed 6ccb52.

Technical analysis reveals that the domain resolved to IP address 172.66.47.61 and was registered through Cloudflare, Inc., a common infrastructure provider sometimes used by malicious actors. The domain appeared on three distinct security blocklists and was flagged under the SOCIAL_ENGINEERING category. VirusTotal analysis showed 13 out of 95 security vendors detected malicious activity associated with this domain, underscoring its threat potential.

Currently, the domain is offline and no longer resolves, indicating that mitigation efforts have successfully disrupted its availability. Cloudflare has taken action to suspend the domain, and its removal from circulation significantly reduces the risk of further victimization. PhishDestroy continues to monitor similar domains leveraging Cloudflare infrastructure and updates threat intelligence accordingly.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.61
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["pedro.ns.cloudflare.com", "nelly.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 13 vendors flagged
  - Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  - Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019cd770-3cc5-740e-a17a-04945d0b7acb.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c5428816-c131-4cb6-87fe-62b26cd4e033
- PhishDestroy: https://phishdestroy.io/domain/begin-logn-support-cnbase.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/begin-logn-support-cnbase.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/begin-logn-support-cnbase.pages.dev/

Last updated: 2026-03-19