# explore-extensioncoinn.pages.dev — MALICIOUS

> Explore-extensioncoinn.pages.dev is flagged for phishing and social engineering. Avoid this site to protect your personal information and devices.

## Summary
PhishDestroy identifies explore-extensioncoinn.pages.dev as a high-risk generic phishing domain. It is classified primarily for social engineering attacks designed to deceive users into divulging sensitive information. The domain’s suspicious behavior is confirmed by multiple security sources, highlighting its role in fraudulent activities targeting unsuspecting victims.

Technical indicators include its resolution to IP address 172.66.44.128, a Cloudflare-hosted infrastructure known for facilitating fast deployment of malicious pages. Registered on February 21, 2026, through Cloudflare, Inc., the domain is relatively new, which is common among phishing sites attempting to evade detection. Google Safe Browsing flags the domain with a social engineering warning, and it appears on three separate security blocklists. Additionally, 13 out of 95 security vendors on VirusTotal have identified it as malicious, reinforcing its threat credibility.

Currently, the domain is offline and inaccessible, likely due to takedown efforts prompted by these detections. The Cloudflare-hosted page now displays a warning indicating suspected phishing activity. PhishDestroy recommends users avoid this domain and remain cautious of any related URLs. Continuous monitoring is advised to detect potential reemergence or associated malicious infrastructure leveraging similar naming patterns.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.128
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["jillian.ns.cloudflare.com", "houston.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ceef0-1ffd-74fa-9269-d7bd6351115f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/8e65b97c-9c6e-4750-84a3-f940cfa0e8d9
- PhishDestroy: https://phishdestroy.io/domain/explore-extensioncoinn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/explore-extensioncoinn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/explore-extensioncoinn.pages.dev/
Last updated: 2026-03-19