# help-coinbsecom-sign-us.framer.ai — SUSPICIOUS > help-coinbsecom-sign-us.framer.ai mimics Coinbase login page to steal credentials. 2/95 security vendors detected this phishing scam. Check the full report. ## Summary PhishDestroy identifies help-coinbsecom-sign-us.framer.ai as a live Coinbase credential phishing domain designed to harvest login details under the guise of 'help-coinbsecom-sign-us'. The site poses as a Coinbase authentication portal but routes entered credentials to attacker-controlled servers. By impersonating a legitimate crypto-exchange login page, the domain attempts to trick users into surrendering email or password combinations. Security scanners flag the page as malicious due to mismatched SSL certificate details and atypical redirect chains originating from Coinbase-branded phishing lures. This domain was flagged by PhishDestroy with elevated risk after VirusTotal analysis confirmed detections by 2 of 95 participating security vendors, indicating limited but growing awareness of the threat. The domain resolves to IP address 31.43.160.6 via a Let's Encrypt SSL certificate issued to a generic hostname not affiliated with Coinbase. Public blocklist checks reveal multiple listings across threat-intelligence feeds, confirming active abuse. The domain is hosted on Framer’s platform, which has become a favored hosting provider for cryptocurrency phishing due to its low barrier to site creation and legitimate appearance. If you visited help-coinbsecom-sign-us.framer.ai, immediately change your Coinbase password using a clean device and enable two-factor authentication. Scan your system with reputable antivirus software to detect any keyloggers or browser extensions related to this campaign. Revoke any browser sessions authenticated via the compromised domain and monitor your email and crypto wallets for unauthorized access. Report the domain to Coinbase’s fraud team and consider enabling withdrawal whitelists if available. Always verify URLs directly in your browser—never rely on embedded links or external redirects when accessing financial accounts. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 31.43.160.6 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/86de9eb3-f370-4787-9478-ad03dba30e1a - PhishDestroy: https://phishdestroy.io/domain/help-coinbsecom-sign-us.framer.ai/ - LLM endpoint: https://phishdestroy.io/domain/help-coinbsecom-sign-us.framer.ai/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/help-coinbsecom-sign-us.framer.ai/ Last updated: 2026-04-11