# browser-coinbase-io-extension-us.pages.dev — MALICIOUS

> Warning: browser-coinbase-io-extension-us.pages.dev is a phishing site pretending to be Coinbase. Avoid this domain to protect your credentials and funds.

## Summary
PhishDestroy identifies browser-coinbase-io-extension-us.pages.dev as a high-risk phishing domain targeting Coinbase users. It poses a significant danger by attempting to steal sensitive login information through brand impersonation.

This phishing site mimics Coinbase’s branding to deceive users into entering their credentials, potentially leading to unauthorized access to their accounts and financial loss. The domain was flagged for social engineering and appears on multiple blocklists, confirming its malicious intent.

If you have visited this site, immediately change your Coinbase password and enable two-factor authentication. Monitor your accounts for suspicious activity and avoid interacting with any unsolicited messages claiming to be from Coinbase.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.205
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["susan.ns.cloudflare.com", "dakota.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc731-634d-7710-a13a-d70075a6bfed.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f2006296-1cfe-46b9-8647-ff17524afa30
- PhishDestroy: https://phishdestroy.io/domain/browser-coinbase-io-extension-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/browser-coinbase-io-extension-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/browser-coinbase-io-extension-us.pages.dev/
Last updated: 2026-03-19