# prometheus.coinbase-eua.com — SUSPICIOUS

> prometheus.coinbase-eua.com is a crypto drainer impersonating Coinbase. Blocked by SEAL, flagged by 4/95 VirusTotal scanners. Verify on PhishDestroy immediately.

## Summary

PhishDestroy identifies prometheus.coinbase-eua.com as an active crypto drainer impersonating the Coinbase brand, designed to steal cryptocurrency credentials and assets. This domain mimics Coinbase’s login interface to deceive users into entering sensitive information, which is then harvested by threat actors for unauthorized transactions or account takeovers.

This domain was flagged by 4 out of 95 VirusTotal security vendors, indicating limited but notable detection. It was registered through TUCOWS.COM, CO. on October 25, 2024, and is currently blocked by the SEAL threat intelligence system. Additionally, it appears on one security blocklist, further validating its malicious intent. The domain resolves to IP address 103.224.212.213 and utilizes a Let's Encrypt SSL certificate, which may lend it an air of legitimacy to unsuspecting users.

If you visited prometheus.coinbase-eua.com, immediately cease any interaction with the site and disconnect from the network to prevent potential credential theft or malware delivery. Scan your device for unauthorized software using reputable antivirus tools. Revoke any permissions granted to the site and change passwords for your Coinbase account and any other linked services. Report the domain to PhishDestroy for further investigation and to help protect others from falling victim to this scheme.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: alive (HTTP ?)
- Target brand: Coinbase
- Page title: coinbase-eua.com

## Domain Intelligence

- Registered: 2024-10-25 18:00:14
- Registrar: TUCOWS.COM, CO.
- IP: 103.224.212.213

## Detection Status

- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit
  Lists: ["SEAL"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/prometheus.coinbase-eua.com
- PhishDestroy: https://phishdestroy.io/domain/prometheus.coinbase-eua.com/
- LLM endpoint: https://phishdestroy.io/domain/prometheus.coinbase-eua.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/prometheus.coinbase-eua.com/
Last updated: 2026-04-14