# get-coinbsse-com-sign.framer.ai — SUSPICIOUS

> PhishDestroy identifies get-coinbsse-com-sign.framer.ai as a Coinbase credential phishing domain with 0/95 VirusTotal detections. Check the full report.

## Summary
PhishDestroy identifies get-coinbsse-com-sign.framer.ai as a Coinbase credential harvesting domain masquerading as a legitimate exchange login portal. The domain uses a Let's Encrypt SSL certificate and resolves to IP 31.43.160.6, suggesting infrastructure commonly abused in fake financial service impersonations. The threat actor leverages the framer.ai subdomain to lend false legitimacy to the phishing page, targeting users seeking Coinbase account access or password recovery.  This domain remains undetected on public scanning platforms, with 0 out of 95 VirusTotal engines flagging it at the time of analysis. While the exact creation date and registrar data are not publicly disclosed, the active status and lack of blocklist inclusion indicate a recently deployed campaign. The absence of detections highlights the challenge of identifying low-signal phishing domains early in their lifecycle.  Users who visited this domain should immediately check their browser history for unexpected redirects and avoid entering any credentials. If login details were submitted, users must change their Coinbase password immediately and enable two-factor authentication. Consider revoking any API keys or session tokens exposed during the interaction and monitor financial accounts for unauthorized activity. Report the domain to Coinbase and your local cybersecurity authority.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 31.43.160.6

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/get-coinbsse-com-sign.framer.ai
- PhishDestroy: https://phishdestroy.io/domain/get-coinbsse-com-sign.framer.ai/
- LLM endpoint: https://phishdestroy.io/domain/get-coinbsse-com-sign.framer.ai/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/get-coinbsse-com-sign.framer.ai/
Last updated: 2026-04-10