# coinbasetensios.gitbook.io — MALICIOUS

> coinbasetensios.gitbook.io posed a high-risk brand impersonation threat mimicking Coinbase. It is offline but remain cautious of similar phishing sites.

## Summary
PhishDestroy identifies coinbasetensios.gitbook.io as a high-risk brand impersonation domain targeting Coinbase users. This phishing attempt aimed to deceive victims by mimicking official Coinbase branding to capture sensitive credentials, posing significant financial and privacy risks.

The domain was registered on March 04, 2026, through Cloudflare, Inc., and resolved to IP 104.18.40.47. It was flagged by 12 out of 95 VirusTotal security vendors and appeared on three security blocklists before being taken offline. The site title "Coinbase® Extension® | Untitled" further indicated an attempt to impersonate legitimate Coinbase services.

Users are advised to remain vigilant when interacting with domains similar to official brand names. Avoid clicking suspicious links or entering login information on unofficial sites. Always verify URLs carefully and use official channels for cryptocurrency transactions to protect against fraud.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Coinbase® Extension® | Untitled

## Domain Intelligence
- Registered: 2026-03-04 15:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 104.18.40.47
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["dahlia.ns.cloudflare.com", "hugh.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "DNS8", "Emsisoft", "G-Data", "Gridinsoft", "Kaspersky", "Netcraft", "OpenPhish", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/mFMmdjT3/b84746f850d5.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/11ddd86b-1647-4f13-9785-b117def18a6d
- Wayback Machine: https://web.archive.org/web/https://coinbasetensios.gitbook.io
- PhishDestroy: https://phishdestroy.io/domain/coinbasetensios.gitbook.io/
- LLM endpoint: https://phishdestroy.io/domain/coinbasetensios.gitbook.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbasetensios.gitbook.io/
Last updated: 2026-03-19