# crome-coinbase--en-us.pages.dev — MALICIOUS

> The domain crome-coinbase--en-us.pages.dev impersonated Coinbase in a high-risk phishing attack. Stay vigilant and avoid suspicious links.

## Summary
PhishDestroy identifies the domain crome-coinbase--en-us.pages.dev as a high-risk brand impersonation phishing site targeting Coinbase users. This domain aimed to deceive victims by mimicking the legitimate Coinbase platform, potentially leading to credential theft or financial loss. Such threats pose significant risks given Coinbase's role in cryptocurrency management, making user protection critical.

The domain was registered through Cloudflare, Inc. on February 21, 2026, and resolved to IP address 172.66.44.140. It was flagged by 14 out of 95 VirusTotal security vendors and appeared on three separate security blocklists. Google Safe Browsing classified it under social engineering. Although the domain was active briefly, it has since been taken offline, reducing immediate risk but underscoring the persistence of similar fraudulent infrastructures.

Users should remain vigilant when interacting with Coinbase-related communications, always verifying URLs and avoiding links from unsolicited sources. If suspicious activity or phishing attempts are encountered involving this or related domains, report them immediately to Coinbase and security platforms. Maintaining updated security software and practicing cautious browsing habits remain essential defenses against such brand impersonation threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.140
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["oswald.ns.cloudflare.com", "jule.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd4c3-9b61-738a-aa27-865928b2f876.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3d1f812a-c67c-4189-8d1a-31b9d21cb022
- PhishDestroy: https://phishdestroy.io/domain/crome-coinbase--en-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/crome-coinbase--en-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/crome-coinbase--en-us.pages.dev/
Last updated: 2026-03-19