# en-coinbase-log-web.pages.dev — MALICIOUS

> Warning: en-coinbase-log-web.pages.dev is a high-risk phishing site. Avoid sharing personal info and report suspicious activity immediately.

## Summary
PhishDestroy identifies en-coinbase-log-web.pages.dev as a high-risk generic phishing domain designed to impersonate legitimate cryptocurrency services. This threat poses significant risks to users by attempting to steal sensitive credentials and personal information, potentially leading to financial loss and identity theft. The urgency stems from the domain's targeting of Coinbase users, a popular cryptocurrency platform, amplifying the impact of successful attacks.

The domain was registered recently on February 21, 2026, through Cloudflare, Inc., and despite being active for a short period, it was flagged by 13 security vendors on VirusTotal and appeared on three security blocklists. The domain utilized Cloudflare's infrastructure, likely to leverage its CDN and SSL services to appear legitimate and bypass basic security filters. Currently, the domain is offline, but its prior activity underscores the ongoing threat posed by rapidly created phishing sites exploiting popular brand names.

Users are strongly advised to remain vigilant and avoid interacting with suspicious links claiming to be from Coinbase or related services. Always verify URLs carefully and access accounts only through official websites or trusted apps. If users suspect they have visited this domain or entered credentials, they should immediately change their passwords and enable multi-factor authentication. Reporting such phishing attempts to security teams and platforms like PhishDestroy helps protect the broader community.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.112
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["opal.ns.cloudflare.com", "emerson.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ceb90-7b3a-7719-807f-a1d6ca32cd72.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/1b1aa987-7250-492d-bedb-226f4118adc4
- PhishDestroy: https://phishdestroy.io/domain/en-coinbase-log-web.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-coinbase-log-web.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en-coinbase-log-web.pages.dev/
Last updated: 2026-03-19