# coinbase-authq.pages.dev — MALICIOUS

> Stay safe from coinbase-authq.pages.dev, a high-risk phishing domain mimicking Coinbase. Avoid interaction and report suspicious activity immediately.

## Summary
PhishDestroy has identified coinbase-authq.pages.dev as a high-risk brand impersonation threat impersonating the popular cryptocurrency platform Coinbase. This domain was flagged for its role in social engineering attacks aimed at deceiving users into divulging sensitive information, posing a significant risk to personal and financial security.

The domain was registered on February 21, 2026, through Cloudflare, Inc. It resolves to the IP address 172.66.45.46 and has been listed on three security blocklists. Google Safe Browsing categorizes the site under social engineering threats, while VirusTotal reports 13 out of 95 security vendors detecting malicious activity associated with this domain. Fortunately, the domain is currently offline, mitigating its immediate risk.

Users are strongly advised to remain vigilant and avoid visiting coinbase-authq.pages.dev or providing any personal credentials to it. If you encounter this domain or similar phishing attempts, report them to your security team or directly to Coinbase. Maintaining updated security software and verifying URLs before entering sensitive information are crucial steps to protect against such fraudulent schemes.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.46
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["reza.ns.cloudflare.com", "apollo.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c68b5-7b08-7015-94f9-a4ab8530899b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/18b92ff3-2b5c-4393-86a3-1353ad6b0e0a
- PhishDestroy: https://phishdestroy.io/domain/coinbase-authq.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-authq.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-authq.pages.dev/
Last updated: 2026-03-19