# app.coinbasekorea.com — SUSPICIOUS > PhishDestroy flags app.coinbasekorea.com as a Coinbase brand impersonation domain blocked by SEAL & MetaMask. Check the full report. ## Summary PhishDestroy identifies app.coinbasekorea.com as an active brand impersonation threat masquerading as a Coinbase service. This domain, registered just days ago on April 07, 2026, exploits the trust associated with the globally recognized cryptocurrency exchange to deceive potential victims. While currently free from anti-virus detections (0/95 on VirusTotal), it has already earned a place on two security blocklists and remains unresolved for further investigation. Its infrastructure includes a Let’s Encrypt SSL certificate and resolves to IP 203.248.94.172, hosted via Dynadot Inc. Given its recent registration and absence of widespread detection, this impersonation site poses a latent but evolving risk to unsuspecting users. This domain was flagged by both SEAL and MetaMask, indicating active blocking at the network and browser extension levels. Its registration date reveals a calculated effort to appear legitimate amid fluctuating market activity. With zero detections on VirusTotal and no public reputation score, it evades traditional signature-based defenses. The IP—203.248.94.172—hosting this site has not yet been widely blacklisted, allowing traffic to flow unimpeded. Domain creation occurred on April 07, 2026, a timing that suggests potential correlation with seasonal phishing campaigns or market events. Let’s Encrypt’s TLS certificate adds a veneer of authenticity, tricking users into believing the site is secure. To mitigate the specific threat of brand impersonation, users should validate domains against official sources before entering credentials. Never rely solely on SSL certificates or domain registration dates. Organizations are advised to block this domain at the DNS and firewall levels, leveraging intelligence from active blocklists like SEAL. For enterprises, deploying browser isolation or extension-based defenses can prevent access to such sites. Report any interactions to Coinbase Abuse and update user awareness training to recognize phonetic or region-specific impersonations. Monitor for related domains using seed 6ac123 to track potential expansions of this campaign. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Coinbase ## Domain Intelligence - Registered: 2026-04-07 06:45:25 - Registrar: Dynadot Inc - IP: 203.248.94.172 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["SEAL", "MetaMask"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/app.coinbasekorea.com - PhishDestroy: https://phishdestroy.io/domain/app.coinbasekorea.com/ - LLM endpoint: https://phishdestroy.io/domain/app.coinbasekorea.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/app.coinbasekorea.com/ Last updated: 2026-04-10