# coinbascom-wallet-extension-en-us.pages.dev — MALICIOUS

> Discover why coinbascom-wallet-extension-en-us.pages.dev is flagged as a high-risk crypto drainer and learn about its current offline status and safety measures.

## Summary
PhishDestroy identifies coinbascom-wallet-extension-en-us.pages.dev as a high-risk crypto drainer domain. This domain was designed to target cryptocurrency users through fraudulent wallet extensions, aiming to steal digital assets by draining victims' crypto funds. The threat level is classified as high due to its clear malicious intent and its potential to cause significant financial loss to unsuspecting users.

Supporting evidence includes the domain's registration through Cloudflare, Inc., and its creation date on February 21, 2026, which indicates a recent setup potentially to evade long-term detection. The domain resolves to IP address 172.66.47.88 and has been flagged by 14 out of 95 security vendors on VirusTotal. Additionally, Google Safe Browsing categorizes it under SOCIAL_ENGINEERING, and the domain appears on three separate security blocklists. These indicators collectively reinforce the malicious nature of the infrastructure behind this domain.

Currently, PhishDestroy notes that coinbascom-wallet-extension-en-us.pages.dev is taken offline, reducing immediate risk to users. To mitigate threats from similar domains, users should avoid interacting with unsolicited wallet extension links and verify sources before downloading crypto tools. Security teams are advised to monitor infrastructure trends and maintain updated blocklists to prevent access to such crypto-draining phishing sites.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.88
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["sureena.ns.cloudflare.com", "huxley.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a9d44-d1e6-776f-9eb0-5292dc5eba24.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a54abb77-2a0a-4964-902f-119f8f3723d9
- PhishDestroy: https://phishdestroy.io/domain/coinbascom-wallet-extension-en-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbascom-wallet-extension-en-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbascom-wallet-extension-en-us.pages.dev/
Last updated: 2026-03-19