# coinbase-browsr-extension.pages.dev — MALICIOUS

> Discover why coinbase-browsr-extension.pages.dev is flagged as a high-risk Coinbase impersonation and what to do if you visited it.

## Summary
PhishDestroy identifies coinbase-browsr-extension.pages.dev as a high-risk phishing site impersonating the well-known Coinbase brand. The domain is flagged on multiple security blocklists and has alerts from Google Safe Browsing for social engineering tactics that aim to deceive users into revealing sensitive information.

This phishing attempt works by mimicking Coinbase's branding and online presence to trick visitors into thinking they are interacting with the legitimate service. The site may prompt users to enter private login credentials or financial details, which attackers can then exploit for fraud or identity theft. The domain was created recently and registered through Cloudflare, a common tactic used to obscure malicious activity.

If you have visited this site, it is important to avoid providing any personal or financial information. Immediately change your Coinbase password and enable two-factor authentication to secure your account. Additionally, monitor your financial statements for unusual activity and consider running a security scan on your device. PhishDestroy recommends reporting the incident to Coinbase and your local cybercrime authorities to help prevent further victimization.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.109
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["aron.ns.cloudflare.com", "mustafa.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc075-aff5-7563-a66a-474a8ffdf562.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/b0e574db-b2c4-4985-9164-674ab7adc4b0
- PhishDestroy: https://phishdestroy.io/domain/coinbase-browsr-extension.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-browsr-extension.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-browsr-extension.pages.dev/
Last updated: 2026-03-19