# extnsion-coin-bas-learn.pages.dev — MALICIOUS

> extnsion-coin-bas-learn.pages.dev is a high-risk phishing domain flagged for social engineering. Stay alert and avoid interaction with this site.

## Summary
PhishDestroy identifies extnsion-coin-bas-learn.pages.dev as a high-risk generic phishing domain. The domain aims to deceive users through social engineering tactics, posing significant risks to personal and financial information.

This domain was registered recently on February 21, 2026, and is hosted on IP 172.66.44.148 via Cloudflare, Inc., indicating the use of privacy-protective infrastructure often favored by threat actors. It appears on three distinct security blocklists and is flagged by Google Safe Browsing for social engineering. VirusTotal analysis shows 14 out of 95 security vendors have identified malicious activity linked to this domain. The page title currently displays a Cloudflare warning of suspected phishing, supporting its malicious intent.

Currently offline, extnsion-coin-bas-learn.pages.dev poses no active threat but should remain blocked and monitored to prevent future phishing attacks. Users are advised to avoid clicking on related links or providing sensitive data. Security teams should maintain updated blocklists and educate users on recognizing such social engineering sites to reduce exposure.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.148
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["delilah.ns.cloudflare.com", "lakas.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019aac5a-17cb-7388-bc2a-95f7029ae25c.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/2361da4e-146d-4abd-b6b3-ed591eab80ba
- PhishDestroy: https://phishdestroy.io/domain/extnsion-coin-bas-learn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/extnsion-coin-bas-learn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/extnsion-coin-bas-learn.pages.dev/
Last updated: 2026-03-19