# coinbase.com-transaction.support — MALICIOUS

> coinbase.com-transaction.support is flagged for brand impersonation and social engineering. Avoid interacting with this site to protect your data and accounts.

## Summary
PhishDestroy identifies coinbase.com-transaction.support as a high-risk domain engaged in brand impersonation targeting Coinbase users. This poses a significant threat of social engineering attacks designed to deceive users into divulging sensitive information.

Supporting evidence includes its appearance on two security blocklists, classification by Google Safe Browsing as a SOCIAL_ENGINEERING threat, and detection by 16 out of 95 VirusTotal security vendors. The domain was recently created on December 17, 2025, and is registered through OwnRegistrar, Inc., both indicators typical of fraudulent sites. The domain resolved to an IP address associated with potentially malicious activity before becoming offline.

Users are advised to avoid visiting coinbase.com-transaction.support as it is currently offline but flagged for phishing risks. To stay protected, always verify URLs carefully and access Coinbase services only through official channels. PhishDestroy recommends maintaining updated security software and reporting suspicious domains to safeguard personal and financial information.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 523)
- Target brand: Coinbase
- Page title: com-transaction.support | 502: Bad gateway

## Domain Intelligence
- Registered: 2025-12-17 00:00:00
- Expires: 2026-12-17 00:00:00
- Registrar: OwnRegistrar, Inc.
- Country: US
- IP: 172.67.202.38
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: vera.ns.cloudflare.com ashton.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["BitDefender", "CRDF", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Netcraft", "Seclookup", "SOCRadar", "Sophos", "Trustwave", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b2ed7-02f5-74e7-bfa5-a9a1a4380628.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/1aaee305-065e-4c20-ab70-543875210280
- Wayback Machine: https://web.archive.org/web/https://coinbase.com-transaction.support
- PhishDestroy: https://phishdestroy.io/domain/coinbase.com-transaction.support/
- LLM endpoint: https://phishdestroy.io/domain/coinbase.com-transaction.support/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase.com-transaction.support/
Last updated: 2026-03-19