# coinbasewalleteextension.pages.dev — MALICIOUS

> coinbasewalleteextension.pages.dev is a high-risk crypto drainer flagged for social engineering. Learn how to protect yourself and stay safe online.

## Summary
PhishDestroy identifies coinbasewalleteextension.pages.dev as a high-risk crypto drainer domain designed to steal cryptocurrency assets. This malicious site poses a significant threat to users by attempting to trick individuals into giving up sensitive wallet information. Although currently offline, the domain was flagged by Google Safe Browsing for social engineering and appears on multiple security blocklists.

This phishing scheme operates by masquerading as a legitimate Coinbase wallet extension, enticing users to install malicious software or enter private keys and recovery phrases. Once the victim provides this information, attackers gain access to their crypto wallets and drain funds without consent. The domain was registered through Cloudflare in early 2026, highlighting the growing trend of fraudulent crypto services exploiting trusted platforms.

If you have visited coinbasewalleteextension.pages.dev, it is crucial to immediately review your crypto wallet security. Change your passwords, enable two-factor authentication, and transfer assets to a secure wallet if possible. Avoid clicking suspicious links and verify extensions through official sources only. Stay informed with PhishDestroy to protect your digital assets from evolving crypto scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.203
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["emily.ns.cloudflare.com", "kareem.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc8a0-f24c-75df-98d9-fa3bd109b8e3.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/4c7adb3d-d751-4a56-8971-3a2c6f9edd62
- PhishDestroy: https://phishdestroy.io/domain/coinbasewalleteextension.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbasewalleteextension.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbasewalleteextension.pages.dev/
Last updated: 2026-03-19