# 69aef5d35723ce18449962c9--coinbase-clone-demo.netlify.app — MALICIOUS

> Exercise caution with 69aef5d35723ce18449962c9--coinbase-clone-demo.netlify.app, flagged for potential phishing risks. Avoid sharing personal info.

## Summary
PhishDestroy has identified the domain 69aef5d35723ce18449962c9--coinbase-clone-demo.netlify.app as a potential phishing site mimicking Coinbase's interface. It is currently classified under a generic phishing threat type, with its risk level marked as under investigation, reflecting ongoing analysis to confirm its malicious intent.

This domain resolves to IP address 63.176.8.218 and is hosted on the Netlify platform, which is commonly used for legitimate web projects but can also be abused for hosting phishing pages. Notably, VirusTotal scans do not currently detect any malicious behavior, scoring zero detections across all analyzed engines. However, Google Safe Browsing has flagged the domain for social engineering, indicating users might be deceived into divulging sensitive information. The domain's complex, autogenerated-style naming pattern is typical of ephemeral phishing infrastructure.

At present, the domain remains active and under close surveillance. PhishDestroy advises users to exercise vigilance and avoid interacting with this URL until further analysis is complete. Security teams should consider blocking or monitoring traffic to this domain as a precautionary measure. Continued observation will determine if additional mitigations or alerts are warranted based on evolving threat intelligence.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Coinbase
- Page title: Site not found

## Domain Intelligence
- Registered: 2026-03-10 13:07:01
- Registrar: Netlify
- Country: US
- IP: 63.176.8.218
- IP Country: DE
- IP City: Frankfurt am Main
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: DigiCert Inc / DigiCert Global G2 TLS RSA SHA256 2020 CA1

## Detection Status
- VirusTotal: 10 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://i.ibb.co/m5nbGmWK/031952b52116.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/5d303469-8b99-458c-ae79-84346d555cee
- PhishDestroy: https://phishdestroy.io/domain/69aef5d35723ce18449962c9--coinbase-clone-demo.netlify.app/
- LLM endpoint: https://phishdestroy.io/domain/69aef5d35723ce18449962c9--coinbase-clone-demo.netlify.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/69aef5d35723ce18449962c9--coinbase-clone-demo.netlify.app/
Last updated: 2026-03-19