# coinbase-chrome-learn.pages.dev — MALICIOUS

> coinbase-chrome-learn.pages.dev is a high-risk phishing domain impersonating Coinbase. Avoid interacting and report suspicious sites to protect your data.

## Summary
PhishDestroy identifies coinbase-chrome-learn.pages.dev as a high-risk phishing domain designed to impersonate the legitimate Coinbase brand. This type of threat poses serious risks by attempting to deceive users into divulging sensitive information such as login credentials or financial data. Brand impersonation attacks like this can lead to identity theft and financial loss, making awareness and caution critical for users seeking to interact with cryptocurrency services.

The domain was registered through Cloudflare, Inc. on February 21, 2026, and resolves to IP address 172.66.44.197. It has been flagged by Google Safe Browsing under the SOCIAL_ENGINEERING category and appears on three distinct security blocklists. Additionally, 14 out of 95 security vendors on VirusTotal have identified it as malicious. The domain was taken offline after detection, and the Cloudflare-hosted page displayed a warning titled "Suspected phishing site | Cloudflare," indicating swift action was taken to mitigate the threat.

Users are strongly advised to avoid visiting coinbase-chrome-learn.pages.dev or providing any personal or financial information if they have already accessed it. Always verify website URLs carefully and prefer accessing Coinbase services through official channels only. Reporting suspicious domains to security platforms and enabling browser phishing protections are recommended steps to enhance personal cybersecurity. Staying vigilant can prevent falling victim to scams leveraging brand impersonation tactics such as this.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.197
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["kayleigh.ns.cloudflare.com", "dan.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce25b-45aa-76f8-9211-b1bd3ff5b457.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/ea8c7001-e2f3-4b45-9626-618baefd942f
- PhishDestroy: https://phishdestroy.io/domain/coinbase-chrome-learn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-chrome-learn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-chrome-learn.pages.dev/
Last updated: 2026-03-19