# learn-extsion-base-extion.pages.dev — MALICIOUS

> learn-extsion-base-extion.pages.dev is a high-risk phishing domain flagged for social engineering. Avoid interaction; domain is currently offline.

## Summary
PhishDestroy identifies learn-extsion-base-extion.pages.dev as a high-risk generic phishing domain designed to deceive users and capture sensitive information. Classified due to its involvement in social engineering tactics, this domain is associated with fraudulent activity aimed at exploiting unsuspecting visitors. The suspicious nature aligns with its relatively recent registration date on February 21, 2026, and the suspicious construction of its URL, which mimics legitimate service patterns to gain trust.

From a technical standpoint, the domain resolves to the IP address 172.66.47.145 and is registered through Cloudflare, Inc. It has been flagged on three separate security blocklists, underscoring its malicious intent. Additionally, Google Safe Browsing categorizes it under "SOCIAL_ENGINEERING," indicating the use of deceptive content to manipulate users. VirusTotal analysis reveals that 14 out of 95 security engines identify the domain as malicious, further consolidating its phishing classification.

Currently, the domain is offline and no longer active, having been taken down in response to these detections. This status minimizes the immediate risk to users, but vigilance is advised as threat actors frequently recreate similar domains. Organizations and individuals should continue to monitor related infrastructure and avoid interaction with any variants. PhishDestroy recommends maintaining updated blocklists and employing comprehensive email and web filtering to prevent exposure to such phishing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.145
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["novalee.ns.cloudflare.com", "sterling.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ChainPatrol", "BitDefender", "CyRadar", "Ermes", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a87b3-9fd9-70bc-ba83-50c2efa037d4.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/88346a18-1511-4102-ab2f-0af39d9eef51
- PhishDestroy: https://phishdestroy.io/domain/learn-extsion-base-extion.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/learn-extsion-base-extion.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/learn-extsion-base-extion.pages.dev/
Last updated: 2026-03-19