# coinbase-chrome-extensi-on.pages.dev — MALICIOUS

> Check coinbase-chrome-extensi-on.pages.dev for phishing risks. This Coinbase impersonation domain is flagged for social engineering and now offline.

## Summary
PhishDestroy identifies coinbase-chrome-extensi-on.pages.dev as a high-risk brand impersonation domain targeting Coinbase users. Classified under social engineering threats, it attempts to deceive visitors by mimicking a trusted crypto platform.

The domain resolved to IP 172.66.44.217 and was registered through Cloudflare, Inc. Created recently on February 21, 2026, it appears on multiple security blocklists and is flagged by Google Safe Browsing for social engineering. VirusTotal reports 14 detections among 95 vendors, confirming its malicious intent.

Currently, the domain status is offline, indicating a takedown response. PhishDestroy recommends caution and avoidance of this URL to prevent credential theft or fraud.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.217
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["meadow.ns.cloudflare.com", "david.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc8a9-4086-7036-932c-0c52fb220ccb.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/7615ce1a-c471-42a6-a23f-daac9a13dfad
- PhishDestroy: https://phishdestroy.io/domain/coinbase-chrome-extensi-on.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-chrome-extensi-on.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-chrome-extensi-on.pages.dev/
Last updated: 2026-03-19