# coinbase-wallet-en-x-us.pages.dev — MALICIOUS

> coinbase-wallet-en-x-us.pages.dev is a high-risk crypto drainer flagged for social engineering. Stay vigilant and avoid this phishing domain now.

## Summary
PhishDestroy identifies coinbase-wallet-en-x-us.pages.dev as a high-risk crypto drainer phishing domain targeting cryptocurrency users. This domain was designed to steal wallet credentials and drain digital assets, posing a significant threat to victims' financial security.

Supporting evidence includes detection by 14 out of 95 VirusTotal scanners and classification as a SOCIAL_ENGINEERING threat by Google Safe Browsing. The domain was registered recently on February 21, 2026, through Cloudflare, Inc., and appeared on three separate security blocklists, indicating broad recognition of its malicious intent. Its use of the 'pages.dev' subdomain suggests exploitation of legitimate hosting platforms to deceive users.

Currently, the domain is taken offline, reducing immediate risk. Users are strongly advised to remain cautious of similar domains and avoid providing sensitive information on suspicious sites. Continuous monitoring and prompt blocking by security vendors help mitigate this threat, but users should maintain vigilance against emerging crypto phishing campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.135
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["alexandra.ns.cloudflare.com", "otto.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019caf80-43b2-73dd-bc38-35fc8c466dcd.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/57a4c11d-ddf9-4ae0-b52b-efa8ae19fa88
- PhishDestroy: https://phishdestroy.io/domain/coinbase-wallet-en-x-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-wallet-en-x-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-wallet-en-x-us.pages.dev/
Last updated: 2026-03-19