# coin-base-browser-extensio.pages.dev — SUSPICIOUS

> coin-base-browser-extensio.pages.dev Chrome extension scam spotted. 1/95 VirusTotal detections. Full threat analysis available. Check the full report.

## Summary
PhishDestroy identifies coin-base-browser-extensio.pages.dev as a browser extension posing as a legitimate Coinbase tool to steal cryptocurrency credentials. This malicious extension mimics Coinbase’s branding to trick users into installing it, granting attackers access to private keys and wallet data once permissions are granted. The threat is elevated due to its use of Cloudflare’s infrastructure to host the fake extension, increasing its credibility and distribution potential.


This domain was flagged by only 1 out of 95 VirusTotal security vendors, despite its clear impersonation of Coinbase’s official services. Registered through Cloudflare, Inc., the domain resolves to IP 172.66.47.182 and leverages a Google Trust Services SSL certificate to appear legitimate. Its Pages.dev subdomain suggests an attempt to exploit free hosting services for quick deployment, a common tactic among phishing operators targeting cryptocurrency users.


Users who visited or installed this extension should immediately revoke any granted permissions, uninstall the extension, and scan their devices for malware. If credentials were entered, assume they are compromised and transfer funds to a new wallet immediately. Report the domain to Coinbase and update browser security settings to block future access. Avoid downloading browser extensions from unofficial sources, especially those mimicking financial platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Coinbase

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.182

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d4351485-2617-453d-862d-4bea81b26a65
- PhishDestroy: https://phishdestroy.io/domain/coin-base-browser-extensio.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coin-base-browser-extensio.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coin-base-browser-extensio.pages.dev/
Last updated: 2026-03-26