# secure-coinbase-io-extensio.pages.dev — MALICIOUS

> Avoid secure-coinbase-io-extensio.pages.dev, a phishing domain impersonating Coinbase. Site is offline after multiple security flags.

## Summary
PhishDestroy identifies secure-coinbase-io-extensio.pages.dev as a high-risk phishing domain impersonating the Coinbase brand to deceive users. This type of brand impersonation is dangerous because it can lead to theft of sensitive information such as login credentials and financial data, exposing victims to monetary loss and identity theft.

The domain was registered on September 2, 2020, through Cloudflare, Inc., and was hosted on IP address 172.66.47.72. It appeared on multiple security blocklists and was flagged by Google Safe Browsing for social engineering attempts. VirusTotal analysis detected 15 security vendors marking it malicious. The page title indicated a suspected phishing site, and the domain is currently offline, mitigating immediate risk.

Users should remain cautious and avoid interacting with this domain or any similar URLs that attempt to mimic Coinbase. Always verify website authenticity through official channels and never provide personal or financial information on suspicious sites. Employ updated security software and report any fraudulent domains to help protect the broader community.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2020-09-02 02:33:29
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.72
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["adi.ns.cloudflare.com", "karl.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd13d-6fdb-719d-aa86-97552289ef35.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/b47a2baf-133b-4287-82a3-3524578caee0
- PhishDestroy: https://phishdestroy.io/domain/secure-coinbase-io-extensio.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/secure-coinbase-io-extensio.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/secure-coinbase-io-extensio.pages.dev/
Last updated: 2026-03-19