# coinbase.com.cases.support — MALICIOUS

> coinbase.com.cases.support impersonated Coinbase to steal data. Stay alert and avoid this phishing domain. Learn more and protect yourself now.

## Summary

PhishDestroy identifies coinbase.com.cases.support as a high-risk brand impersonation domain targeting Coinbase users. Classified under brand impersonation phishing, this domain was designed to deceive users by mimicking the trusted Coinbase brand. The phishing attempt involved a misleading page titled "Just a moment..." aimed at capturing sensitive user information through social engineering tactics.

Technical analysis reveals that coinbase.com.cases.support was registered on December 17, 2025, through OwnRegistrar, Inc., and resolved to the IP address 172.67.73.24. The domain appeared on two major security blocklists and was flagged by Google Safe Browsing for social engineering risks. VirusTotal scans detected suspicious activity with 10 out of 95 security vendors raising alerts. The domain’s infrastructure and naming convention were crafted to closely imitate Coinbase’s legitimate domain, increasing the likelihood of successful user deception.

Currently, coinbase.com.cases.support has been taken offline, mitigating immediate threats. PhishDestroy recommends users remain vigilant against similar future attempts and verify URLs carefully before entering credentials. Despite its offline status, the domain’s registration and prior activity underscore the ongoing threat posed by brand impersonation scams targeting cryptocurrency platforms.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Just a moment...

## Domain Intelligence

- Registered: 2025-12-17 00:00:00
- Expires: 2026-12-17 00:00:00
- Registrar: OwnRegistrar, Inc.
- Country: US
- IP: 172.67.73.24
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: jamie.ns.cloudflare.com, yew.ns.cloudflare.com
- SSL Issuer: none

## Detection Status

- VirusTotal: 10 vendors flagged
  - Vendors: ["ChainPatrol", "BitDefender", "CRDF", "CyRadar", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "SOCRadar", "Sophos"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  - Lists: ["PhishDestroy", "MetaMask"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019b2fe7-c381-771b-b9b4-dbae5b846863.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/6d911459-1670-4a0c-a904-31697822b9a2
- PhishDestroy: https://phishdestroy.io/domain/coinbase.com.cases.support/
- LLM endpoint: https://phishdestroy.io/domain/coinbase.com.cases.support/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/coinbase.com.cases.support/

Last updated: 2026-03-19