# explore-extension-coin.pages.dev — MALICIOUS

> Explore-extension-coin.pages.dev is flagged as a high-risk phishing site. Stay protected and avoid this domain. Verify domain safety now with PhishDestroy.

## Summary
PhishDestroy identifies explore-extension-coin.pages.dev as a high-risk generic phishing domain. It is designed to deceive users, potentially stealing sensitive information under false pretenses. The domain carries a strong social engineering threat, confirmed by Google Safe Browsing classification, making it a significant security concern for internet users.

Technically, the domain was registered on February 21, 2026, through Cloudflare, Inc. It resolves to the IP address 172.66.44.157 and appears on two independent security blocklists. VirusTotal analysis shows 13 out of 95 security vendors flag the domain, supporting its malicious intent. The hosting infrastructure leverages Cloudflare's platform, which often complicates direct attribution but provides a layer of protection for the phishing operators.

Currently, the domain is offline, as noted by Cloudflare's takedown status and the presence of a 'Suspected phishing site' warning page. PhishDestroy recommends users avoid this domain completely. Website administrators and security teams should maintain updated blocklists including explore-extension-coin.pages.dev to prevent exposure. Continuous monitoring is advised to detect any attempts to reactivate or use similar domain naming patterns.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.157
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["jillian.ns.cloudflare.com", "houston.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a2307-0575-71d8-9ed4-d70392601b9c.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/9e334723-eae3-46c2-ad01-6914d725141c
- PhishDestroy: https://phishdestroy.io/domain/explore-extension-coin.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/explore-extension-coin.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/explore-extension-coin.pages.dev/
Last updated: 2026-03-19