# secure-logn-cnbase-learn.pages.dev — MALICIOUS

> Beware of the phishing domain secure-logn-cnbase-learn.pages.dev. Avoid entering credentials and report suspicious activity immediately.

## Summary
PhishDestroy identifies secure-logn-cnbase-learn.pages.dev as a high-risk credential phishing domain. Classified under social engineering threats, this domain was created on February 21, 2026, and used to deceive users into revealing sensitive login information under false pretenses. Its naming mimics legitimate login portals, increasing the likelihood of user confusion.

Technical analysis reveals that secure-logn-cnbase-learn.pages.dev was registered via Cloudflare, Inc., leveraging their pages.dev hosting service to mask malicious intent. The domain appeared on three distinct security blocklists and was flagged by Google Safe Browsing for social engineering. VirusTotal scans show detection by 15 out of 95 antivirus engines, supporting its classification as a phishing threat. The infrastructure indicates a likely short-lived campaign designed to harvest credentials before takedown.

Currently, secure-logn-cnbase-learn.pages.dev is offline following takedown efforts. Despite its removal, users should remain vigilant for similar phishing attempts using deceptive domain names. PhishDestroy recommends avoiding interaction with suspicious URLs, verifying website authenticity, and reporting any credential compromise immediately to minimize exposure to ongoing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.164
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["becky.ns.cloudflare.com", "frank.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019aa3d9-95fd-773c-a12a-55d065ed8efd.png
- PhishDestroy: https://phishdestroy.io/domain/secure-logn-cnbase-learn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/secure-logn-cnbase-learn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/secure-logn-cnbase-learn.pages.dev/
Last updated: 2026-03-19