# coinbase-receiept.pages.dev — SUSPICIOUS

> coinbase-receiept.pages.dev is a verified crypto drainer impersonating Coinbase. 3/95 antivirus vendors flagged this domain—verify legitimacy on PhishDestroy.

## Summary
PhishDestroy identifies coinbase-receiept.pages.dev as an active crypto drainer domain impersonating the Coinbase brand to steal cryptocurrency. This domain resolves to IP 188.114.96.3 and uses a Let's Encrypt SSL certificate to appear legitimate. The domain is registered through Cloudflare, Inc., increasing the risk of circumvention for takedown efforts. VirusTotal analysis shows 3 out of 95 security vendors have flagged this domain, reflecting limited but present detection.  This domain was flagged on [date]. It mirrors Coinbase’s branding to deceive users into entering wallet credentials or transferring crypto to attacker-controlled addresses. Cloudflare registration obscures ownership details, while the .pages.dev subdomain leverages a compromised or abused legitimate service to bypass traditional blocklists. Current data indicates no prior blocklist entries, suggesting this is a newly deployed campaign.  If you visited coinbase-receiept.pages.dev, do not enter any credentials, wallet addresses, or private keys. Disconnect from the internet, revoke any session tokens or API keys exposed during the visit, and transfer remaining crypto to a new wallet. Use PhishDestroy to verify the legitimacy of future Coinbase-related domains, and report this domain immediately.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Coinbase

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/fdb9a5fa-37cf-4cf1-b57c-12d52465305e
- PhishDestroy: https://phishdestroy.io/domain/coinbase-receiept.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/coinbase-receiept.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase-receiept.pages.dev/
Last updated: 2026-03-22