# extecoinbasecom.pages.dev — MALICIOUS

> extecoinbasecom.pages.dev poses a high-risk phishing threat impersonating Coinbase. Learn key indicators and current offline status here.

## Summary
PhishDestroy identifies extecoinbasecom.pages.dev as a high-risk phishing domain classified under brand impersonation, specifically targeting Coinbase users. The domain aims to deceive visitors by mimicking the trusted cryptocurrency platform, potentially harvesting sensitive credentials through fraudulent means.

Technically, the domain was registered recently on February 21, 2026, through Cloudflare, Inc. It resolved to the IP address 172.66.44.175 and appeared on three separate security blocklists, highlighting its suspicious nature. VirusTotal scans flagged the domain by 13 out of 95 security vendors, reinforcing its malicious intent. The page title "Suspected phishing site | Cloudflare" further confirms its deceptive design crafted to exploit Coinbase's reputation.

As of now, extecoinbasecom.pages.dev has been taken offline, mitigating immediate risks to users. PhishDestroy continues to monitor the domain’s infrastructure and any potential resurgence. This prompt takedown demonstrates effective response efforts, but users are cautioned to remain vigilant against similar brand impersonation threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.175
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["devin.ns.cloudflare.com", "beth.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c96bd-fd28-773b-b657-d575db769fcd.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/9b23feb8-489c-4fb7-b79f-739775cfeb69
- PhishDestroy: https://phishdestroy.io/domain/extecoinbasecom.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/extecoinbasecom.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/extecoinbasecom.pages.dev/
Last updated: 2026-03-19