# extension-coin-base-com.pages.dev — MALICIOUS

> extension-coin-base-com.pages.dev is flagged for phishing and social engineering. Avoid interaction; domain is offline but previously risky.

## Summary
PhishDestroy identifies extension-coin-base-com.pages.dev as a high-risk phishing domain designed to deceive users into revealing sensitive information. The domain is associated with generic phishing tactics and has been flagged for social engineering, indicating attempts to manipulate users through fraudulent means.

The domain was registered recently on February 21, 2026, via Cloudflare, Inc., and hosted on a pages.dev subdomain, which can lend a false sense of legitimacy. It appears on three security blocklists and has been detected by 14 out of 95 VirusTotal security vendors for malicious activity. These indicators strongly suggest coordinated fraudulent infrastructure aimed at cryptocurrency-related scams.

Currently, extension-coin-base-com.pages.dev is offline, mitigating immediate risk. However, users should remain vigilant and avoid interacting with similar suspicious domains, especially those mimicking well-known cryptocurrency platforms. Organizations are advised to update their blocklists and educate users about the risks of phishing sites using cloud-hosted subdomains.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.46.254
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["riya.ns.cloudflare.com", "drew.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ca96e-0029-71df-83c9-e47e5ff9c018.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3f3610fe-767f-4e89-aef1-4f7915c577b9
- PhishDestroy: https://phishdestroy.io/domain/extension-coin-base-com.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/extension-coin-base-com.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/extension-coin-base-com.pages.dev/
Last updated: 2026-03-19