# welcome-coinbase-io.pages.dev — MALICIOUS

> welcome-coinbase-io.pages.dev is flagged for high-risk generic phishing. Avoid interaction and verify sources to stay safe online.

## Summary
PhishDestroy identifies welcome-coinbase-io.pages.dev as a high-risk domain associated with generic phishing attacks. This domain poses a significant threat to users by attempting to deceive individuals into divulging sensitive information through fraudulent means. The risk level is elevated due to its classification and the nature of the threat, which targets unsuspecting users with social engineering tactics.

Supporting evidence shows that this domain was created recently on February 21, 2026, and registered through Cloudflare, Inc., a common platform for hosting but also frequently abused by malicious actors. The domain appeared on three different security blocklists and was flagged by 14 out of 95 security vendors on VirusTotal, indicating broad consensus about its malicious intent. Additionally, Google Safe Browsing categorizes it under "SOCIAL_ENGINEERING," reinforcing the conclusion that this domain is used for deceptive phishing campaigns.

Currently, welcome-coinbase-io.pages.dev has been taken offline, mitigating immediate risk to users. To protect against similar threats, users should remain vigilant by verifying URLs, avoiding unsolicited links, and using trusted security tools. PhishDestroy recommends ongoing monitoring of related domains and educating users about social engineering tactics to reduce the impact of such phishing schemes.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.5
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["norm.ns.cloudflare.com", "molly.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ceaad-3d27-714f-b3d6-d91fd39cd85f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/1ab3d065-c102-4cfe-bcca-5b11df8bfa90
- PhishDestroy: https://phishdestroy.io/domain/welcome-coinbase-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/welcome-coinbase-io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/welcome-coinbase-io.pages.dev/
Last updated: 2026-03-19