# coiinbasewalleetextension.webflow.io — MALICIOUS

> coiinbasewalleetextension.webflow.io is flagged for social engineering risks. Avoid interaction and verify before entering sensitive info to stay safe online.

## Summary
PhishDestroy identifies coiinbasewalleetextension.webflow.io as a potentially malicious domain categorized under generic phishing. The domain is currently marked as active and under investigation, linked to social engineering tactics as flagged by Google Safe Browsing. Despite the suspicious nature, VirusTotal scans reveal zero detections by security vendors, indicating it is newly recognized or employing subtle evasion techniques. The domain name mimics legitimate cryptocurrency services, likely aiming to deceive users into divulging sensitive wallet credentials or personal data.

From a technical perspective, the domain resolves to the IP address 104.18.36.248, which belongs to the Cloudflare network, a common hosting provider that can complicate direct attribution. The use of the Webflow.io subdomain suggests it is hosted on a website-building platform, a tactic frequently used by threat actors to quickly deploy phishing pages without owning dedicated infrastructure. The absence of detection by VirusTotal combined with the Google Safe Browsing social engineering flag highlights the need for ongoing monitoring and deeper forensic analysis.

Currently, the domain remains active and is listed as under investigation by PhishDestroy. Users are strongly advised to avoid interacting with this domain or submitting any personal or wallet-related information. Security teams should consider blocking or monitoring this domain for potential phishing attempts. Continued vigilance and reporting will assist in tracking the evolution of this threat and help protect the community from possible credential theft or fraud.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Coinbase
- Page title: Coinbase Wallet Extension - Your key to the world of crypto

## Domain Intelligence
- Registered: 2026-03-06 11:07:01
- Registrar: MarkMonitor, Inc.
- Country: US
- IP: 104.18.36.248
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "DNS8", "ESET", "Forcepoint ThreatSeeker", "G-Data", "Google Safebrowsing", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "OpenPhish", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc28b-ab52-705e-8768-533c1396c40c.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/coiinbasewalleetextension.webflow.io
- Wayback Machine: https://web.archive.org/web/https://coiinbasewalleetextension.webflow.io
- PhishDestroy: https://phishdestroy.io/domain/coiinbasewalleetextension.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/coiinbasewalleetextension.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coiinbasewalleetextension.webflow.io/
Last updated: 2026-03-19