# coinbase-start-en.pages.dev — MALICIOUS

> coinbase-start-en.pages.dev is flagged as a high-risk phishing domain. Avoid interaction as it mimics Coinbase to steal data.

## Summary
PhishDestroy identifies coinbase-start-en.pages.dev as a high-risk generic phishing threat targeting users with deceptive intent. The domain seeks to impersonate legitimate Coinbase services to trick users into revealing sensitive information.

This domain was registered recently through Cloudflare, Inc. and is flagged by Google Safe Browsing for social engineering. It appears on multiple security blocklists, with over a dozen security vendors marking it as suspicious. The site is currently offline, reducing immediate exposure.

Users should avoid visiting or interacting with this domain. As it is taken offline, the risk is mitigated but vigilance remains critical. PhishDestroy recommends using updated security tools and checking domain reputations before engagement.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.101
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["nola.ns.cloudflare.com", "milan.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc4ed-5c60-754a-9b98-dcd3fb7664c4.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/facac9d4-6c98-4705-9f99-5aeb97bb8ea4
- PhishDestroy: https://phishdestroy.io/domain/coinbase-start-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-start-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-start-en.pages.dev/
Last updated: 2026-03-19