# coinbase-connect.pages.dev — MALICIOUS

> Avoid coinbase-connect.pages.dev: a high-risk phishing site now offline. Do not interact with this domain to protect your information.

## Summary
PhishDestroy identifies coinbase-connect.pages.dev as a suspicious domain involved in generic phishing activities targeting users by mimicking trusted financial services. This domain was registered on February 21, 2026, under Cloudflare, Inc., and classified under a high-risk category due to its deceptive intent.

Technical indicators highlight that coinbase-connect.pages.dev was flagged by 14 out of 95 security vendors on VirusTotal and appeared on three separate security blocklists. The use of a Cloudflare-powered subdomain hints at attempts to exploit legitimate infrastructure for malicious purposes, typical of phishing campaigns aiming to harvest credentials.

Currently, the domain has been taken offline, mitigating immediate threats posed to end users. Continued monitoring and blocking of associated infrastructure are recommended to prevent any resurgence or reuse in similar fraudulent activities.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.46.208
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["virginia.ns.cloudflare.com", "micah.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019caa8b-aab5-705a-ac2e-4364aa5b0fb8.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/fce54ceb-a9fb-4f3b-8c1b-20e3953bcc26
- PhishDestroy: https://phishdestroy.io/domain/coinbase-connect.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-connect.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-connect.pages.dev/
Last updated: 2026-03-19