# hub-extension-coin.pages.dev — SUSPICIOUS

> hub-extension-coin.pages.dev is a coin-theft phishing page detected by PhishDestroy with 0/95 VirusTotal flags. Check the full report.

## Summary
PhishDestroy identifies hub-extension-coin.pages.dev as an active coin-theft phishing page designed to trick visitors into revealing cryptocurrency wallet credentials or transferring coins to attacker-controlled addresses. The site mimics legitimate browser-extension stores or wallet interfaces, presenting fake “install now” buttons or seed-phrase input forms that harvest private keys. Hosted on Cloudflare Pages (188.114.96.3) and secured with a Google Trust Services certificate, its interface relies on social engineering rather than technical exploits, aiming to steal digital assets directly from users. 

This domain was flagged by PhishDestroy after receiving 0 detections out of 95 VirusTotal scans as of the latest check, indicating it remains under the radar of most antivirus engines. Registered through Cloudflare, Inc., the site leverages the pages.dev subdomain to appear as a legitimate developer page—commonly abused for short-lived credential-harvesting campaigns. Its SSL certificate, issued by Google Trust Services, further enhances its perceived legitimacy, tricking users into believing the connection is secure. 

If you visited hub-extension-coin.pages.dev, immediately revoke any wallet permissions granted to the site via your wallet’s “Connected sites” or “DApp browser” settings. Do not enter seed phrases, private keys, or wallet passwords on any page hosted at this domain. Scan your device with updated antivirus software and consider transferring remaining funds to a newly generated wallet with a different seed phrase. Report the domain to your wallet provider and to PhishDestroy to help block future campaigns using this infrastructure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7e6aa49a-b632-4802-b031-3e18cb897027
- PhishDestroy: https://phishdestroy.io/domain/hub-extension-coin.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/hub-extension-coin.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hub-extension-coin.pages.dev/
Last updated: 2026-03-29