# com-coinbase-en.pages.dev — MALICIOUS

> com-coinbase-en.pages.dev is a high-risk phishing site impersonating Coinbase. Stay alert and avoid interacting with this domain to protect your assets.

## Summary
PhishDestroy identifies com-coinbase-en.pages.dev as a high-risk brand impersonation threat targeting Coinbase users. The domain's primary malicious purpose is to deceive visitors by mimicking Coinbase's official presence, aiming to extract sensitive information through social engineering tactics.

Supporting this assessment, the domain was created recently on February 21, 2026, and is registered through Cloudflare, Inc., which sometimes is used by threat actors for fast domain provisioning. It resolves to the IP address 172.66.44.254 and has been flagged on three separate security blocklists. Google Safe Browsing labels it as a SOCIAL_ENGINEERING threat, and VirusTotal scans indicate that 13 out of 95 security vendors detect suspicious activity. The page title encountered during scans highlights it as a suspected phishing site hosted on Cloudflare infrastructure.

Currently, com-coinbase-en.pages.dev has been taken offline, mitigating immediate risk to users. PhishDestroy recommends users remain vigilant against similar impersonation schemes by verifying URLs before submitting credentials and relying on official Coinbase communication channels. Continuous monitoring and blocking of such domains are critical to maintaining user safety and preventing credential theft.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.254
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["opal.ns.cloudflare.com", "emerson.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ceb36-ee3c-70fa-a006-4633dd65bca0.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a3dd1f10-9251-4782-84c3-a6c58797d3db
- PhishDestroy: https://phishdestroy.io/domain/com-coinbase-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/com-coinbase-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/com-coinbase-en.pages.dev/
Last updated: 2026-03-19