# login.coin-base.com — MALICIOUS

> login.coin-base.com is under investigation for credential phishing. Learn the latest findings and safety guidance from PhishDestroy.

## Summary
PhishDestroy identifies login.coin-base.com as a domain associated with credential phishing threats. Despite lacking detection flags from security vendors, this domain poses potential risk due to its suspicious use mimicking the legitimate Coinbase login portal. The analysis is motivated by the need to protect users from credential theft leveraging deceptive domain naming tactics.

The domain login.coin-base.com was registered on September 1, 2015, through GoDaddy.com, LLC, and currently resolves to IP address 34.44.95.9. VirusTotal analysis reveals no detections among 95 scanning engines, suggesting the domain's malicious nature is either newly active or deliberately evasive. The domain’s subdomain structure closely imitates a trusted brand, a common trait in phishing infrastructure intended to deceive users into disclosing sensitive login credentials.

At present, login.coin-base.com remains active and under investigation by PhishDestroy specialists. Users are strongly advised to avoid interaction with this domain and verify Coinbase-related URLs carefully. Organizations should consider monitoring network traffic for any connections to this IP and educate end-users about the dangers of fake login portals. Continued surveillance is warranted given the domain’s prolonged registration and ongoing active status, underscoring the importance of vigilance against evolving phishing schemes.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Coinbase
- Page title: Coinbase - Buy and Sell Bitcoin, Ethereum, and more with trust

## Domain Intelligence
- Registered: 2026-03-03 21:07:01
- Registrar: GoDaddy.com, LLC
- Country: US
- IP: 34.44.95.9
- IP Country: US
- IP City: Council Bluffs
- IP Org: AS396982 Google LLC
- Nameservers: ["ns1.adtraks.com", "ns2.adtraks.com"]
- SSL Issuer: Let's Encrypt / R12

## Detection Status
- VirusTotal: 5 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "Fortinet", "SOCRadar", "Trustwave"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cb582-9533-736c-8d08-8aff139cb5d3.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f4d4db00-b117-45a8-832d-c10c15aa8df0
- Wayback Machine: https://web.archive.org/web/https://login.coin-base.com
- PhishDestroy: https://phishdestroy.io/domain/login.coin-base.com/
- LLM endpoint: https://phishdestroy.io/domain/login.coin-base.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/login.coin-base.com/
Last updated: 2026-03-19