# imp-coinbase-extension.pages.dev — MALICIOUS

> imp-coinbase-extension.pages.dev impersonates Coinbase and is flagged for phishing. Avoid interaction and ensure your credentials stay secure.

## Summary
PhishDestroy identifies imp-coinbase-extension.pages.dev as a high-risk domain engaging in brand impersonation targeting Coinbase users. The primary threat involves phishing, aiming to deceive visitors into divulging sensitive information by masquerading as a legitimate Coinbase extension.

This domain was registered recently on February 21, 2026, and is hosted on Cloudflare's infrastructure. It is currently offline after being flagged for social engineering by Google Safe Browsing and appearing on multiple security blocklists. VirusTotal analysis indicates that 13 out of 95 security vendors have detected malicious activity associated with this domain, reinforcing its dangerous nature.

Users are strongly advised to avoid any interaction with imp-coinbase-extension.pages.dev to prevent credential theft or other fraud. Since the domain is offline, immediate risk is mitigated, but vigilance is recommended as attackers may deploy similar tactics using alternate domains. Always verify official sources before entering sensitive information online.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.92
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["aspen.ns.cloudflare.com", "darl.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cee39-6fce-7409-9748-44f4f305ea8d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/725700fd-8f6b-4d56-841f-09eaeeb84210
- PhishDestroy: https://phishdestroy.io/domain/imp-coinbase-extension.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/imp-coinbase-extension.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/imp-coinbase-extension.pages.dev/
Last updated: 2026-03-19