yip.su

https://yip.su/2sTEV4

104.21.79.77 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

—

HTTP

200 · 62.4s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Discover New Music - Chosic"

Save

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Chosic

Credential Phishing

technology | ecommerce | finance | cryptocurrency | other · 4/5/2026

Summary

The page presents as Chosic (Discover New Music - Chosic) but the domain used is yip.su, a typosquat/redirecting domain. The final URL resolves to www.chosic.com, yet the initial domain and SPA indicators on the scanned page suggest impersonation and potential credential collection via dynamic JavaScript. Visuals and page title match Chosic, but domain intelligence indicates typosquatting near Wix-related signals, and the site uses extensive third-party trackers and iframes indicating a credential harvesting objective.

Attack Techniques (6)

Typosquat domain (yip.su) impersonating chosic.comBrand logo/assets and page title cloned to resemble ChosicSingle-Page Application with dynamic credential capture via JavaScript bundlesExtensive external script loading and iframes for ad/tracking networksRedirect flow from a typosquat to the legitimate domain to harvest credentials or dataNew SSL cert and Cloudflare hosting to appear legitimate while evading simple checks

Indicators of Compromise (7)

▸DOMAIN: yip.su (suspected typosquatting for jup/Jupiter signal in DOMAIN INTELLIGENCE)

▸Final URL: https://www.chosic.com/ (brand impersonation confirmed by page title, og meta, and visible branding)

▸Page Title: Discover New Music - Chosic (matches brand but domain does not)

▸External script hosts loading ad/analytics networks (googletagmanager, google-analytics, adsense, various ad/PSD networks) indicating heavy tracking

▸Iframes referencing ads and multiple third-party trackers, plus hidden form inputs detected

▸SPA with 0 static forms but 46+ scripts indicating credential capture logic loaded at runtime

▸SSL cert valid Jan 24 2026 to Apr 24 2026 from Google Trust Services (notalarming alone, but in context of typosquat domain and block indicators)

Risk AssessmentUsed in abuse reports

Abuse potential is high. The domain yip.su appears to be a typosquat with strong signals of impersonating Chosic, leveraging a legitimate-looking Chosic page title and branding to lure victims. The site employs a SPA architecture with numerous external scripts and iframes, raising the likelihood of credential harvesting via dynamically injected forms. The final URL resolves to the legitimate chosic.com, but the initial domain, DNS/WHOIS ambiguity, and aggressive tracking indicate a crafted attempt to capture user data. The presence of hidden inputs and extensive ad-network integrations further supports a malicious intent to siphon credentials or other sensitive information from unsuspecting users. This should be treated as credential_phishing with impersonation risk and restricted to immediate takedown actions.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence