# faq-coin-base-en.pages.dev — MALICIOUS

> Explore the threat posed by faq-coin-base-en.pages.dev, a high-risk phishing site taken offline after multiple security flags.

## Summary
PhishDestroy identifies faq-coin-base-en.pages.dev as a high-risk generic phishing domain designed to deceive users, particularly targeting cryptocurrency interests. The threat level is elevated due to its impersonation potential and presence on multiple security blocklists, indicating active malicious use.

The domain was registered through Cloudflare, Inc. on February 21, 2026, and resolved to the IP address 172.66.47.65, which is associated with Cloudflare's infrastructure. It has a Gridinsoft trust score of 0/100 and is flagged by 13 out of 95 security vendors on VirusTotal. Additionally, Google Safe Browsing has identified this domain for social engineering threats, reinforcing its risk profile. Its inclusion on three separate security blocklists further corroborates the domain’s phishing activity.

Currently, faq-coin-base-en.pages.dev has been taken offline, mitigating immediate risks to potential victims. Users are advised to remain vigilant against similarly named domains mimicking legitimate cryptocurrency services. Organizations should continue to monitor for variants and apply email and web filters to prevent phishing attacks. The comprehensive evidence from multiple sources supports a firm conclusion that this domain was engaged in phishing operations aimed at credential theft or fraud.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.65
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["faye.ns.cloudflare.com", "terin.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ad202-1cda-778f-8adb-9b2164ab90c3.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/cf160437-cbc0-4f12-937d-a6603e79a179
- PhishDestroy: https://phishdestroy.io/domain/faq-coin-base-en.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/faq-coin-base-en.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/faq-coin-base-en.pages.dev/
Last updated: 2026-03-19