# coinbase.giving — MALICIOUS

> coinbase.giving is under investigation for phishing risks. Avoid sharing personal info and verify site authenticity before proceeding online.

## Summary
PhishDestroy has identified the domain coinbase.giving as potentially involved in phishing activities, though it currently has no detections on VirusTotal and remains under investigation. Users should be cautious because phishing sites trick individuals into revealing sensitive information by masquerading as trusted services.

This phishing attempt likely exploits the well-known Coinbase brand by using a similar domain name to deceive users into trusting the site. The domain resolves to IP 188.114.97.3, and despite no current security vendor flags, the suspicious domain name and active status suggest users should exercise vigilance.

If a user has visited coinbase.giving, they should avoid entering any personal or financial information and monitor their accounts for unusual activity. Running updated antivirus scans and changing passwords on legitimate Coinbase accounts is advised. Reporting the domain to security teams can aid in tracking potential threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: Coinbase
- Page title: Receipt for Incoming Transfer - Coinbase Commerce

## Domain Intelligence
- Registered: 2026-03-05 15:07:02
- Registrar: Global Domain Group LLC
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: amos.ns.cloudflare.com,dayana.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 5 vendors flagged
  Vendors: ["alphaMountain.ai", "Ermes", "Fortinet", "SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://i.ibb.co/gZHf5jyh/31ef077f7237.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c5085aa4-189e-4a78-9fb5-6a6c3c196435
- Wayback Machine: https://web.archive.org/web/https://coinbase.giving
- PhishDestroy: https://phishdestroy.io/domain/coinbase.giving/
- LLM endpoint: https://phishdestroy.io/domain/coinbase.giving/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbase.giving/
Last updated: 2026-03-19