# begincoinbasesignin.pages.dev — MALICIOUS

> begincoinbasesignin.pages.dev is a phishing site mimicking Coinbase to steal your info. Avoid this site and protect your accounts now.

## Summary
PhishDestroy identifies begincoinbasesignin.pages.dev as a high-risk phishing domain impersonating the well-known cryptocurrency platform Coinbase. This site was flagged by multiple security vendors and Google Safe Browsing for social engineering tactics, indicating it attempts to deceive users into revealing sensitive information. Although currently offline, it posed a serious threat to anyone seeking to log in to their Coinbase account.

This phishing scheme works by mimicking Coinbase’s sign-in page, tricking users into entering their login credentials on a fake website. The attackers then capture these details to gain unauthorized access to victims’ accounts, potentially leading to financial loss or identity theft. The domain was registered through Cloudflare and appeared on several security blocklists, confirming its malicious intent.

If you visited begincoinbasesignin.pages.dev, immediately change your Coinbase password and enable two-factor authentication for added security. Monitor your account for any suspicious activity and report any unauthorized transactions to Coinbase support. Avoid clicking links from unverified sources and always verify the URL before entering personal information to stay protected from similar phishing attempts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.147
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["laylah.ns.cloudflare.com", "kanye.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CRDF", "CyRadar", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cef8c-2d10-72ac-8125-f120ff5ff250.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/b5097c56-3d68-4bb5-a03e-3454c838e27a
- PhishDestroy: https://phishdestroy.io/domain/begincoinbasesignin.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/begincoinbasesignin.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/begincoinbasesignin.pages.dev/
Last updated: 2026-03-19