# coinbase.hrbwya.com — SUSPICIOUS

> coinbase.hrbwya.com is a crypto drainer impersonating Coinbase. Only 0/95 VirusTotal engines flagged it despite Let's Encrypt SSL. Act now.

## Summary
PhishDestroy identifies coinbase.hrbwya.com as an active crypto drainer masquerading as the legitimate cryptocurrency exchange Coinbase. This deceptive domain was registered on September 20, 2025, through Cloud Yuqu LLC and currently resolves to IP address 154.89.71.217. Its SSL certificate issued by Let’s Encrypt creates a false sense of security, while VirusTotal currently shows zero detections out of 95 scan engines, delaying public awareness of the threat.  This domain poses a severe risk to cryptocurrency users by mimicking Coinbase’s branding to trick visitors into connecting crypto wallets or entering login credentials. Crypto drainers are automated tools that silently siphon assets once permissions are granted, often without visible transaction alerts. The recent domain registration date and low detection rate suggest this campaign is newly launched and likely spreading via phishing emails, social media, or spoofed ads targeting crypto investors.  If you visited coinbase.hrbwya.com, disconnect your wallet immediately, revoke any connected permissions, and transfer remaining assets to a secure, offline wallet. Run a full antivirus scan and consider changing passwords on all financial accounts. Report the domain to Coinbase and your local cybercrime unit to help block further abuse. Avoid interacting with unsolicited links and always verify URLs through official channels.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Coinbase

## Domain Intelligence
- Registered: 2025-09-20 05:39:09
- Registrar: Cloud Yuqu LLC
- IP: 154.89.71.217

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/coinbase.hrbwya.com
- PhishDestroy: https://phishdestroy.io/domain/coinbase.hrbwya.com/
- LLM endpoint: https://phishdestroy.io/domain/coinbase.hrbwya.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase.hrbwya.com/
Last updated: 2026-04-04