# coinbase-chrom-ext.pages.dev — MALICIOUS

> High-risk Coinbase impersonation detected on coinbase-chrom-ext.pages.dev. Domain offline. Stay vigilant and avoid interaction with this site.

## Summary
PhishDestroy identifies coinbase-chrom-ext.pages.dev as a high-risk phishing domain impersonating the Coinbase brand. Classified under brand impersonation, the site aims to deceive users by mimicking a trusted cryptocurrency platform to harvest sensitive data. The domain was registered recently on February 21, 2026, indicating a fresh threat leveraging brand trust.

Technical analysis reveals the domain was registered via Cloudflare, Inc. and resolved to IP 172.66.44.106. It appears on three distinct security blocklists and is flagged under Google Safe Browsing’s SOCIAL_ENGINEERING category, confirming malicious intent. Additionally, VirusTotal detections confirm 15 out of 95 security vendors identify the site as suspicious, reinforcing the domain’s high-risk profile.

Currently, coinbase-chrom-ext.pages.dev is offline, with Cloudflare’s protection intercepting access and displaying a suspected phishing warning. PhishDestroy notes that prompt takedown action has mitigated further exposure. Users are urged to remain cautious and verify official URLs when interacting with financial platforms to avoid similar phishing attempts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.106
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["mark.ns.cloudflare.com", "jewel.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cee56-c801-76f8-a7bf-26447ab0b107.png
- PhishDestroy: https://phishdestroy.io/domain/coinbase-chrom-ext.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-chrom-ext.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-chrom-ext.pages.dev/
Last updated: 2026-03-19