# coinbase-exten-sion-us.pages.dev — MALICIOUS

> Warning: The phishing domain coinbase-exten-sion-us.pages.dev is offline but was flagged for impersonating Coinbase. Avoid clicking suspicious links.

## Summary
PhishDestroy identifies coinbase-exten-sion-us.pages.dev as a high-risk generic phishing domain targeting cryptocurrency users by impersonating Coinbase. The domain was created on February 21, 2026 and registered through Cloudflare, Inc.

Technical indicators include detection on three security blocklists and a Google Safe Browsing designation for social engineering. VirusTotal flags 13 out of 95 vendors for malicious activity linked to this domain, confirming its role in deceptive attacks.

Currently, coinbase-exten-sion-us.pages.dev is offline following takedown actions. Users should remain vigilant against similar domains and avoid engaging with unsolicited crypto-related links to prevent credential compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.174
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["ollie.ns.cloudflare.com", "henry.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd346-d212-75d3-8140-4c6914b44a50.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/1c57d591-7504-432e-be3a-59c40d068560
- PhishDestroy: https://phishdestroy.io/domain/coinbase-exten-sion-us.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-exten-sion-us.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-exten-sion-us.pages.dev/
Last updated: 2026-03-19