# en-exten-base.pages.dev — MALICIOUS

> en-exten-base.pages.dev is flagged for phishing and social engineering. Learn why this high-risk domain is offline and how to protect yourself.

## Summary
PhishDestroy identifies en-exten-base.pages.dev as a high-risk generic phishing domain aimed at social engineering attacks. Such threats are critical as they attempt to deceive users into revealing sensitive information, potentially leading to financial loss or identity theft.

This domain was registered recently in February 2026 through Cloudflare, Inc., and resolves to the IP address 172.66.47.167. It appears on three separate security blocklists and is flagged by Google Safe Browsing for social engineering. VirusTotal analysis shows detection by 13 out of 95 security vendors, reinforcing its malicious nature. The domain is currently offline, likely taken down following detection efforts.

Users are strongly advised to avoid visiting en-exten-base.pages.dev or interacting with any communications referencing this domain. Employing updated antivirus software, enabling browser protections, and remaining vigilant against unsolicited requests for personal data are essential steps to mitigate risk. PhishDestroy recommends reporting suspicious sites promptly to enhance collective security.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.167
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["journey.ns.cloudflare.com", "matias.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ad498-7144-76c9-bffb-60e23ef57cbe.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/7e0828da-a49c-418b-8caa-c457517f9402
- PhishDestroy: https://phishdestroy.io/domain/en-exten-base.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/en-exten-base.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/en-exten-base.pages.dev/
Last updated: 2026-03-19