# faq.coinbase-eua.com — MALICIOUS

> faq.coinbase-eua.com impersonates Coinbase to steal credentials; 9 of 95 VirusTotal engines flag it. Do NOT enter login details.

## Summary
PhishDestroy identifies faq.coinbase-eua.com as an active Coinbase brand impersonation scam designed to steal user credentials and sensitive financial information. This fraudulent domain masquerades as a Coinbase FAQ page, leveraging the trusted brand name to trick victims into entering their login credentials or personal data. The page title mirrors Coinbase’s branding, while the domain itself—registered only on October 25, 2024—is less than a month old, indicating a recently deployed campaign targeting unsuspecting cryptocurrency users.  This domain was flagged by 9 out of 95 security vendors on VirusTotal, placing it in a high-risk category for potential malicious activity. It resolves to IP address 103.224.212.213 and was registered through TUCOWS.COM, CO., a well-known domain registrar often exploited in phishing operations due to lax oversight. Its SSL certificate, issued by Let’s Encrypt, creates a false sense of legitimacy, further deceiving visitors. The domain has already been added to one security blocklist and is blocked by SEAL, a reputable threat intelligence feed, underscoring its confirmed malicious nature.  If you visited faq.coinbase-eua.com, immediately cease any interaction and do not enter any login credentials or personal information. Check your Coinbase account for unauthorized transactions, enable two-factor authentication if you haven’t already, and consider revoking any session tokens or API keys exposed during the visit. Use a trusted password manager to change passwords for Coinbase and any other accounts with shared credentials. Report the domain to Coinbase’s abuse team and your organization’s security team if applicable. Finally, scan your device for malware using a reputable antivirus tool, as phishing pages can sometimes deliver additional payloads.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP ?)
- Target brand: Coinbase
- Page title: coinbase-eua.com

## Domain Intelligence
- Registered: 2024-10-25 18:00:14
- Registrar: TUCOWS.COM, CO.
- IP: 103.224.212.213

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/6af54598-c4c7-422c-93f4-512626ed0cd2
- PhishDestroy: https://phishdestroy.io/domain/faq.coinbase-eua.com/
- LLM endpoint: https://phishdestroy.io/domain/faq.coinbase-eua.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/faq.coinbase-eua.com/
Last updated: 2026-04-14