# coiin-base-ex-tension.pages.dev — MALICIOUS

> coiin-base-ex-tension.pages.dev is flagged for phishing. Learn about its risks, current offline status, and how to stay protected.

## Summary
PhishDestroy identifies coiin-base-ex-tension.pages.dev as a high-risk generic phishing domain. This suspicious site was flagged primarily for social engineering tactics aimed at deceiving users into divulging sensitive information. The domain’s recent creation date in February 2026 and its use in malicious campaigns underline the urgency of awareness and caution among internet users.

Technically, the domain resolves to IP address 172.66.45.14 and is registered via Cloudflare, Inc., a common provider for hosting and domain registration. It appears on three distinct security blocklists, and 14 out of 95 VirusTotal engines have identified malicious activity associated with it. Google Safe Browsing has also flagged it under "SOCIAL_ENGINEERING," which confirms its malicious intent to manipulate users through deceptive interfaces or false claims.

Currently, coiin-base-ex-tension.pages.dev is offline, having been taken down following detection efforts. Despite its removal, users and organizations should remain vigilant against similar domains that may emerge. It is recommended to maintain updated endpoint protection, utilize domain reputation services, and educate users on phishing indicators to prevent compromise from evolving threats in this category.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.45.14
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["karina.ns.cloudflare.com", "gabe.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "Chong Lua Dao", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019adbbb-be9a-7695-ba9b-176611633ac5.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a9d7509c-2e6f-4560-8bfa-c1b016fda572
- PhishDestroy: https://phishdestroy.io/domain/coiin-base-ex-tension.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coiin-base-ex-tension.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coiin-base-ex-tension.pages.dev/
Last updated: 2026-03-19