# coinbase-chrome-extenn.pages.dev — MALICIOUS

> Discover why coinbase-chrome-extenn.pages.dev is flagged as high-risk phishing. Stay informed and protect your crypto assets now.

## Summary
PhishDestroy identifies coinbase-chrome-extenn.pages.dev as a high-risk domain involved in generic phishing activities. The domain poses a significant threat to users, especially those engaged in cryptocurrency transactions, by attempting to deceive victims into divulging sensitive information.

This domain was registered through Cloudflare, Inc. on February 21, 2026, and has since been flagged by multiple security services. It appears on three prominent security blocklists and is marked by Google Safe Browsing as a social engineering threat. Additionally, 13 out of 95 antivirus vendors on VirusTotal have detected malicious activity associated with this domain, underscoring its malicious intent and widespread recognition among security providers.

Currently, coinbase-chrome-extenn.pages.dev has been taken offline, reducing immediate risk to users. To mitigate potential harm, users should avoid interacting with suspicious URLs mimicking legitimate services like Coinbase. Organizations are advised to update their threat intelligence feeds to block this domain and educate users about phishing attempts leveraging fake browser extensions and deceptive URLs.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.60
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["aspen.ns.cloudflare.com", "darl.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cee59-d3bd-7166-971f-6cc11044efc6.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a17fe4d0-900e-4a52-b97f-d32b148d8674
- PhishDestroy: https://phishdestroy.io/domain/coinbase-chrome-extenn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-chrome-extenn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-chrome-extenn.pages.dev/
Last updated: 2026-03-19