# coinbasswallet-extension.pages.dev — MALICIOUS

> Avoid coinbasswallet-extension.pages.dev — a confirmed high-risk crypto drainer flagged for social engineering. Do not trust or interact with this domain.

## Summary

PhishDestroy identifies coinbasswallet-extension.pages.dev as a high-risk crypto drainer domain designed to steal cryptocurrency assets from unsuspecting users. The domain’s primary threat is to drain wallets by social engineering victims into installing malicious extensions or providing sensitive access credentials. Given its classification and risk level, users should treat this domain with extreme caution and avoid any interaction.

Supporting evidence includes multiple security flags: Google Safe Browsing lists it for social engineering, and VirusTotal reports detections from 15 out of 95 security vendors. The domain resolves to IP 172.66.44.149 and appears on two known security blocklists. Registered through Cloudflare, Inc. on February 21, 2026, coinbasswallet-extension.pages.dev was likely part of a broader phishing infrastructure targeting cryptocurrency users. The domain’s page currently displays “Unavailable For Legal Reasons,” indicating it has been taken offline.

Mitigation steps for users and organizations involve blocking access to this domain in DNS and firewall settings. Security teams should monitor for any unusual wallet activity linked to this or similar domains. PhishDestroy notes that the domain is currently offline, which reduces immediate risk, but vigilance is advised as threat actors often deploy similar replacements. Users are urged never to install suspicious wallet extensions or share private keys with untrusted sources.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 451)
- Page title: Unavailable For Legal Reasons

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.149
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["nova.ns.cloudflare.com", "chuck.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 15 vendors flagged
  - Vendors: ["ADMINUSLabs", "ChainPatrol", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  - Lists: ["PhishDestroy", "MetaMask"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019a0144-5012-708d-a526-a52ca8a7d8f6.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/63533fc1-3cdd-4873-82bd-93e34809f93c
- PhishDestroy: https://phishdestroy.io/domain/coinbasswallet-extension.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbasswallet-extension.pages.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/coinbasswallet-extension.pages.dev/

Last updated: 2026-03-19