# exten-coinbase-learn.pages.dev — MALICIOUS

> Exten-coinbase-learn.pages.dev is a high-risk phishing site impersonating Coinbase. Avoid interacting and report suspicious activity immediately.

## Summary
PhishDestroy identifies exten-coinbase-learn.pages.dev as a high-risk phishing domain targeting Coinbase users. It attempts to deceive users by mimicking the Coinbase brand, posing significant social engineering threats.

The domain was created on February 21, 2026, and is registered via Cloudflare, Inc. It resolves to IP address 172.66.47.178. The domain is flagged by Google Safe Browsing for social engineering and appears on multiple security blocklists. VirusTotal analysis detected malicious activity from 14 out of 95 security vendors.

Currently, the domain is offline and inaccessible. Users are strongly advised to avoid interacting with this site or providing any personal information. Reporting suspicious domains and enabling multi-factor authentication on Coinbase accounts can further enhance security.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.178
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["frank.ns.cloudflare.com", "jean.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c6f7d-ea13-712a-91c0-2b46b5f6ee6e.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/90c32b4b-1ba3-4baa-8cc4-41c2e35d4287
- PhishDestroy: https://phishdestroy.io/domain/exten-coinbase-learn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/exten-coinbase-learn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/exten-coinbase-learn.pages.dev/
Last updated: 2026-03-19