# coinbase-exten-portal.pages.dev — MALICIOUS

> Warning: coinbase-exten-portal.pages.dev is flagged for phishing and social engineering. Avoid this domain; it is offline but risky.

## Summary
PhishDestroy identifies coinbase-exten-portal.pages.dev as a high-risk phishing domain designed to deceive users by mimicking legitimate services. Phishing attacks like this aim to steal sensitive information such as login credentials and financial data.

The domain was registered via Cloudflare, Inc. and was active until recently before being taken offline. It appeared on multiple security blocklists and is flagged by Google Safe Browsing for social engineering, confirming its malicious intent.

Users should avoid visiting or interacting with coinbase-exten-portal.pages.dev. If exposed, they should verify their accounts for suspicious activity and use trusted official platforms only.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.84
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["pearl.ns.cloudflare.com", "moura.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cba97-c640-768f-bcef-d29f8eb2ee61.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/762e1732-c807-49b2-863b-9c0cbd9caf71
- PhishDestroy: https://phishdestroy.io/domain/coinbase-exten-portal.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-exten-portal.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-exten-portal.pages.dev/
Last updated: 2026-03-19