# 76372coinbase.com — MALICIOUS > Explore the potential phishing risks linked to 76372coinbase.com, a suspicious domain flagged for social engineering tactics. ## Summary PhishDestroy identifies 76372coinbase.com as a domain exhibiting characteristics commonly associated with phishing attempts, specifically targeting users through social engineering methods. The domain name’s resemblance to a well-known cryptocurrency platform suggests an intent to deceive visitors into divulging sensitive information. Although definitive malicious payloads are not yet confirmed, the domain remains under active investigation due to its suspicious nature. Technically, 76372coinbase.com resolves to the IP address 104.21.72.63 and is registered via NICENIC INTERNATIONAL GROUP CO., LIMITED. Despite its creation date being in the future (March 05, 2026), the domain has been flagged by Google Safe Browsing for social engineering threats, indicating a high likelihood of phishing activity. VirusTotal analysis currently shows no detections by any security vendors, which suggests the domain might be newly registered or employing evasion techniques. The use of a reputable registrar does not negate the risk, as threat actors frequently leverage legitimate services for their infrastructure. At present, 76372coinbase.com remains active and flagged by Google Safe Browsing’s social engineering category. Users are strongly advised to avoid interacting with this domain or submitting any personal credentials. Security teams should monitor this domain for evolving behavior and update blocklists accordingly. Given the domain’s suspicious attributes and potential to facilitate credential theft, caution and further monitoring are warranted while investigations continue. ## Threat Details - Verdict: MALICIOUS - Site status: alive (HTTP 530) - Target brand: Coinbase - Page title: Sign in - Coinbase ## Domain Intelligence - Registered: 2026-03-06 11:07:01 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - Country: HK - IP: 104.21.72.63 - IP Country: US - IP City: San Francisco - IP Org: AS13335 Cloudflare, Inc. - Nameservers: rohin.ns.cloudflare.com tina.ns.cloudflare.com - SSL Issuer: none ## Detection Status - VirusTotal: 12 vendors flagged Vendors: ["ChainPatrol", "alphaMountain.ai", "CRDF", "CyRadar", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Netcraft", "SOCRadar", "Webroot"] - Google Safe Browsing: FLAGGED - Blocklists: 2 hits Lists: ["PhishDestroy", "MetaMask"] ## Evidence - Screenshot: https://urlscan.io/screenshots/019cc28b-ab99-729d-9b55-c02c75930c25.png - Cloudflare Radar: https://radar.cloudflare.com/domains/76372coinbase.com - Wayback Machine: https://web.archive.org/web/https://76372coinbase.com - PhishDestroy: https://phishdestroy.io/domain/76372coinbase.com/ - LLM endpoint: https://phishdestroy.io/domain/76372coinbase.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/76372coinbase.com/ Last updated: 2026-03-16