# coinbase-io-net.pages.dev — MALICIOUS

> coinbase-io-net.pages.dev is a high-risk phishing site impersonating Coinbase. Avoid this domain to protect your assets. Check PhishDestroy for updates.

## Summary
PhishDestroy identifies coinbase-io-net.pages.dev as a high-risk phishing domain engaging in brand impersonation targeting Coinbase users. Classified under brand impersonation threats, this domain attempts to deceive visitors by mimicking Coinbase’s branding and interface to harvest sensitive information. The page title "Suspected phishing site | Cloudflare" further confirms its malicious intent.

Technically, the domain was created recently on February 21, 2026, and is registered through Cloudflare, Inc. It resolves to the IP address 172.66.44.173. Google Safe Browsing flags this domain with a SOCIAL_ENGINEERING warning, and it appears on three separate security blocklists. VirusTotal analysis identifies 14 out of 95 security vendors flagging the domain as suspicious or malicious, reinforcing its classification as a phishing threat.

Currently, coinbase-io-net.pages.dev is offline, indicating that response measures have been effective in taking down the phishing infrastructure. PhishDestroy recommends continued vigilance as threat actors may attempt to relaunch under different domains. Users should avoid interacting with this domain and verify URLs carefully when accessing Coinbase services to prevent credential theft or financial loss.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.173
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["sri.ns.cloudflare.com", "nora.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c9942-c450-728f-8d3e-2130a250aabf.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/68c3dd20-da6a-496d-b996-7435e805aa15
- PhishDestroy: https://phishdestroy.io/domain/coinbase-io-net.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-io-net.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-io-net.pages.dev/
Last updated: 2026-03-19