# web-coinbaseextensionn.pages.dev — MALICIOUS

> web-coinbaseextensionn.pages.dev mimics Coinbase to steal data. This high-risk domain is offline now. Stay alert and avoid phishing attempts.

## Summary
PhishDestroy identifies web-coinbaseextensionn.pages.dev as a high-risk brand impersonation domain targeting Coinbase users. It serves as a phishing platform designed to deceive visitors by mimicking a legitimate service.

The domain was registered on February 21, 2026, via Cloudflare, Inc. It resolves to IP 172.66.45.10 and appears on multiple security blocklists. Google Safe Browsing classifies it under social engineering, while VirusTotal reports 14 security vendors flagging it.

Currently, the domain is offline, which reduces immediate risk. Users should remain cautious with unsolicited links and verify official Coinbase channels. Continuous monitoring is advised to prevent similar threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.10
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["stella.ns.cloudflare.com", "jarred.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd46e-a81e-746a-88e4-73cf75495f37.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/aec0e5e2-85e8-42f2-93fa-7b03ce6d8dce
- PhishDestroy: https://phishdestroy.io/domain/web-coinbaseextensionn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/web-coinbaseextensionn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/web-coinbaseextensionn.pages.dev/
Last updated: 2026-03-19