# acces-coinbase-chrome-extension.pages.dev — MALICIOUS

> Acces-coinbase-chrome-extension.pages.dev is a high-risk phishing site impersonating Coinbase. Avoid interaction and stay protected with PhishDestroy insights.

## Summary
PhishDestroy identifies acces-coinbase-chrome-extension.pages.dev as a high-risk brand impersonation domain targeting Coinbase users. The domain was created recently and designed to deceive users into believing it is an official Coinbase extension.

Technically, the domain is registered via Cloudflare, Inc., resolves to IP 172.66.47.120, and has been flagged by Google Safe Browsing for social engineering. It also appears on multiple security blocklists and was detected by 14 out of 95 VirusTotal scanners.

Currently, the domain is offline and inaccessible, reducing immediate risk. Users are advised not to visit or interact with this domain and to remain vigilant against phishing attempts mimicking trusted brands like Coinbase.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.120
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["cory.ns.cloudflare.com", "mary.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd123-8520-743c-b297-ac46106afb24.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/aaa7a904-95bb-4c31-9ddb-b24bd7f051da
- PhishDestroy: https://phishdestroy.io/domain/acces-coinbase-chrome-extension.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/acces-coinbase-chrome-extension.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/acces-coinbase-chrome-extension.pages.dev/
Last updated: 2026-03-19