# digit-coinbase--xtnsonn.pages.dev — MALICIOUS

> digit-coinbase--xtnsonn.pages.dev is a high-risk phishing site impersonating Coinbase. Stay safe—learn how to recognize and avoid this scam.

## Summary
PhishDestroy identifies digit-coinbase--xtnsonn.pages.dev as a deceptive website impersonating the well-known cryptocurrency platform Coinbase. This site poses a serious threat by attempting to trick users into revealing sensitive information such as login credentials and personal data. Despite being recently created in February 2026, the domain was quickly flagged and taken offline due to its malicious intent.

This phishing scheme operates by mimicking Coinbase's branding and user interface to create a convincing but fraudulent login portal. Victims who enter their details on this fake site risk having their accounts compromised, leading to potential financial loss or identity theft. The domain was flagged by multiple security services and appears on several blocklists, highlighting its high risk. Google Safe Browsing identified it under the "SOCIAL_ENGINEERING" category, confirming its purpose to deceive users.

If you have visited digit-coinbase--xtnsonn.pages.dev, immediately avoid entering any credentials or personal information. Run a security scan on your devices and change your Coinbase password, preferably from a secure device. Monitor your accounts for any unauthorized activity and consider enabling two-factor authentication for additional protection. Reporting suspicious sites like this to platforms such as PhishDestroy helps protect others from falling victim to similar scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.194
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["quinton.ns.cloudflare.com", "meera.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ca803-e8f3-71bd-9dfe-923ccffb8434.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c1a91d24-c361-4636-bb07-4f882ba8ccff
- PhishDestroy: https://phishdestroy.io/domain/digit-coinbase--xtnsonn.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/digit-coinbase--xtnsonn.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/digit-coinbase--xtnsonn.pages.dev/
Last updated: 2026-03-19