# coinbasezsupport.blogspot.com — SUSPICIOUS > coinbasezsupport.blogspot.com impersonates Coinbase support with zero VirusTotal detections as of now. Check the full report. ## Summary PhishDestroy identifies a live brand impersonation scam hosted at coinbasezsupport.blogspot.com, where attackers masquerade as Coinbase support to harvest user credentials and financial data. This domain leverages a deceptive blogspot subdomain to exploit trust in the legitimate Coinbase brand, aiming to mislead victims into disclosing sensitive account information or payment details. The threat actor behind this domain employs social engineering tactics, posing as official support staff to manipulate users into performing actions that compromise their security. Given the domain’s active status and the absence of detections on VirusTotal, it represents a significant risk to unsuspecting crypto users seeking legitimate assistance. Technical analysis of coinbasezsupport.blogspot.com reveals a sophisticated impersonation campaign, with the domain resolving to IP 142.251.127.132 and operating under an SSL certificate issued by Google Trust Services, which may lend an air of legitimacy to the fraudulent site. As of the latest scan, the domain remains undetected by 95 security vendors on VirusTotal, indicating a low initial detection rate that could allow the threat to persist undetected. While the exact creation date is not publicly available, the lack of blocklist entries further underscores the stealthy nature of this campaign. The use of a blogspot subdomain—a platform typically associated with benign content—adds a layer of obfuscation, making it easier for the domain to evade traditional security measures and blend into legitimate traffic. Users who have visited coinbasezsupport.blogspot.com should immediately assess whether they entered any credentials or financial information on the site. If sensitive data was disclosed, reset passwords for Coinbase and any other accounts where the same credentials were reused, and enable multi-factor authentication where available. Additionally, scan devices for malware or unauthorized access, as the threat actor may attempt to maintain persistence on compromised systems. Report the domain to Coinbase’s official support channels and consider blocking it at the network level to prevent further exposure. Vigilance is critical in mitigating the risks posed by this impersonation scam, and users are advised to verify the authenticity of support channels directly through Coinbase’s official website or verified social media accounts. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Coinbase ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 142.251.127.132 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/1d9cd135-7839-4685-b76c-83c17d923a1f - PhishDestroy: https://phishdestroy.io/domain/coinbasezsupport.blogspot.com/ - LLM endpoint: https://phishdestroy.io/domain/coinbasezsupport.blogspot.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/coinbasezsupport.blogspot.com/ Last updated: 2026-03-26