# home-coin-base-extension.pages.dev — MALICIOUS

> home-coin-base-extension.pages.dev is flagged for phishing. Avoid interaction and verify official Coinbase sources to protect your information.

## Summary
PhishDestroy identifies home-coin-base-extension.pages.dev as a high-risk domain engaged in brand impersonation targeting Coinbase users. The threat type is classified as brand impersonation, which is often used to deceive visitors into disclosing sensitive financial data or login credentials by mimicking trusted services.

Supporting evidence includes flags from Google Safe Browsing under SOCIAL_ENGINEERING, presence on three separate security blocklists, and detection by 14 out of 95 VirusTotal participating security vendors. The domain was registered on September 2, 2020, through Cloudflare, Inc., and resolved to the IP address 172.66.44.95. The page title found indicated a suspected phishing site hosted via Cloudflare, which suggests abuse of reputable infrastructure for malicious activity.

Mitigation efforts are evident as the domain is currently offline, preventing further risk to users. PhishDestroy advises users to avoid this domain and only interact with verified official sites of Coinbase. Continuous monitoring of any future similar domains is recommended, as cybercriminals often reuse brand impersonation tactics. This domain’s removal underscores effective takedown processes but vigilance remains essential in protecting user credentials and personal data.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2020-09-02 02:33:29
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.95
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["adi.ns.cloudflare.com", "karl.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "Certego", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Kaspersky", "Lionic", "Sophos"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a9758-d878-7339-a9ac-41b4b971b344.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/1035c63d-b827-4865-82b8-04bfd8f71be6
- PhishDestroy: https://phishdestroy.io/domain/home-coin-base-extension.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/home-coin-base-extension.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/home-coin-base-extension.pages.dev/
Last updated: 2026-03-19