# portal-web-coinbase-cdn.pages.dev — MALICIOUS

> portal-web-coinbase-cdn.pages.dev impersonates Coinbase to steal data. Avoid this site and verify URLs before entering sensitive info.

## Summary
PhishDestroy classifies portal-web-coinbase-cdn.pages.dev as a high-risk threat due to its brand impersonation tactics targeting Coinbase users. This domain was created with the intent of deceiving individuals by mimicking the trusted Coinbase brand, exposing victims to potential credential theft and financial compromise.

Supporting this assessment, the domain was registered through Cloudflare, Inc. on February 21, 2026, and resolved to IP 172.66.47.165. Multiple security vendors flagged this domain, with 14 out of 95 VirusTotal engines identifying suspicious activity. It also appears on three separate security blocklists, and Google Safe Browsing categorizes it as a social engineering threat. Notably, the page title indicated it was a suspected phishing site, reinforcing its malicious purpose.

Currently, portal-web-coinbase-cdn.pages.dev is offline, indicating some mitigation has taken place. Users are advised to remain vigilant by double-checking URLs and avoiding links from untrusted sources claiming association with Coinbase. PhishDestroy recommends employing multi-factor authentication and monitoring accounts for unusual activity to reduce risk from similar phishing attempts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.165
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["thaddeus.ns.cloudflare.com", "raphaela.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc76b-f85f-74f5-b828-0d35bd10537a.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/36548e8b-9762-47f1-a28e-c882d9a80e81
- PhishDestroy: https://phishdestroy.io/domain/portal-web-coinbase-cdn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/portal-web-coinbase-cdn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/portal-web-coinbase-cdn.pages.dev/
Last updated: 2026-03-19