# powerful-coinbase-extension.pages.dev — MALICIOUS

> The domain powerful-coinbase-extension.pages.dev poses high phishing risk. Avoid sharing info and report suspicious activity immediately.

## Summary
PhishDestroy identifies powerful-coinbase-extension.pages.dev as a high-risk phishing domain impersonating the well-known cryptocurrency platform Coinbase. This fraudulent site aims to deceive users by mimicking Coinbase’s brand, potentially leading to theft of sensitive information such as login credentials or financial data. The domain was registered recently in February 2026 and has been flagged on multiple security blocklists, including Google Safe Browsing for social engineering threats.

The phishing attempt works by creating a fake Coinbase extension or interface to lure users into entering their private account details. The domain resolves to an IP address associated with Cloudflare, which is commonly used to mask malicious infrastructure. VirusTotal scans detect suspicious behavior, with 16 out of 95 security vendors flagging the site. The site is currently offline, but the risk remains for users who may have accessed the domain before it was taken down.

If you have visited powerful-coinbase-extension.pages.dev, it is critical to take immediate protective actions. Do not enter any personal or financial information on suspicious sites. Change your Coinbase and related account passwords and enable two-factor authentication if not already active. Monitor your accounts for unauthorized activity and consider running a security scan on your devices. Reporting such phishing attempts to official Coinbase support and security platforms like PhishDestroy helps protect others from similar threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.39
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["watson.ns.cloudflare.com", "athena.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ChainPatrol", "Criminal IP", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c515d-ac8e-71dd-bb8c-c5aad37747d3.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/daa0c868-7ed2-4563-b624-4344efd0e7dd
- PhishDestroy: https://phishdestroy.io/domain/powerful-coinbase-extension.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/powerful-coinbase-extension.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/powerful-coinbase-extension.pages.dev/
Last updated: 2026-03-19