# coinbase-extnusin--visit.pages.dev — MALICIOUS

> coinbase-extnusin--visit.pages.dev is a high-risk phishing site impersonating Coinbase. Avoid it to protect your personal and financial data.

## Summary
PhishDestroy identifies coinbase-extnusin--visit.pages.dev as a high-risk phishing domain impersonating the well-known cryptocurrency platform Coinbase. This site was created recently and flagged for social engineering, aiming to deceive users into revealing sensitive information. Such fraudulent sites pose significant dangers, including theft of login credentials, financial loss, and identity compromise.

This phishing scheme works by mimicking Coinbase’s branding and user interface to trick visitors into believing they are on the legitimate platform. The site likely prompts users to enter confidential login details or private keys, which attackers then capture for malicious use. Despite being registered through a reputable registrar, Cloudflare, Inc., the domain is flagged on multiple security blocklists and by Google Safe Browsing, indicating its intent to mislead and defraud.

If you have visited coinbase-extnusin--visit.pages.dev, it is crucial not to enter any personal or financial information. Immediately change your Coinbase account password and enable two-factor authentication if not already active. Monitor your accounts for suspicious activity and consider alerting Coinbase support. Avoid clicking links from unknown sources and rely on official websites to protect yourself from phishing threats like this one.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.79
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["plato.ns.cloudflare.com", "athena.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cb675-7d07-76f9-a167-86557b49b8ff.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/648acfc5-30f0-4784-817c-64e88a1f0338
- PhishDestroy: https://phishdestroy.io/domain/coinbase-extnusin--visit.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-extnusin--visit.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-extnusin--visit.pages.dev/
Last updated: 2026-03-19