diff --git a/indicators/coinbase-69638f20.yml b/indicators/coinbase-69638f20.yml
new file mode 100644
index 00000000..3ee2d20d
--- /dev/null
+++ b/indicators/coinbase-69638f20.yml
@@ -0,0 +1,22 @@
+title: Coinbase Phishing Kit 69638f20
+description: |
+    A Coinbase Phishing Kit asking the user to enter their
+    12-word seed phrase. 
+    This kit seems to be exclusively deployed on Glitch.
+
+references:
+  - https://urlscan.io/result/69638f20-d983-4d53-9ec5-21955f96b0ae
+  - https://urlscan.io/search/#filename:%22cb675.png%22
+  
+detection:
+
+    pageTitle:
+        title: "info"
+
+    coinbaseLogo:
+        requests|contains: "i.postimg.cc/zG3nVT0g/cb675.png"
+
+    inputBoxName:
+        dom|contains: "newmh78"
+
+    condition: pageTitle and coinbaseLogo and inputBoxName