# coinbase-service-help.pages.dev — MALICIOUS

> coinbase-service-help.pages.dev is a high-risk phishing site impersonating Coinbase. Avoid it and secure your accounts. Learn more on PhishDestroy.

## Summary
PhishDestroy identifies coinbase-service-help.pages.dev as a high-risk phishing domain impersonating the well-known cryptocurrency platform Coinbase. This site was created recently and flagged for social engineering, appearing on multiple security blocklists. Its purpose is to trick users into believing it is an official Coinbase resource, putting personal and financial information at significant risk.

This phishing scheme works by mimicking the appearance and branding of Coinbase, deceiving visitors into entering sensitive data such as login credentials and private keys. The domain was flagged by Google Safe Browsing and 14 security vendors on VirusTotal, confirming its malicious intent. Although the site has since been taken offline, users should remain vigilant for similar scams that exploit trusted brands.

If you visited coinbase-service-help.pages.dev, it is crucial to immediately change any affected passwords and enable two-factor authentication on your Coinbase account. Monitor your financial statements for unauthorized activity and report any suspicious behavior to Coinbase support. Always verify URLs carefully before providing any credentials and rely on official channels to access your accounts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.120
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["matteo.ns.cloudflare.com", "aria.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ccf73-95e4-7128-8dd6-882b98829c03.png
- PhishDestroy: https://phishdestroy.io/domain/coinbase-service-help.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-service-help.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-service-help.pages.dev/
Last updated: 2026-03-19