mass.report
Scan Intelligence Report0/100
critical Risk
svyftx.app-loader-suite.com
https://svyftx.app-loader-suite.com/3coaz?utm_campaign=HG_1775894513075753_0303_Land374.1_sales_1-3-2abo&fbid=1286456742640539&utm_content=17swftx2en&cid=1_reg_701_AuNz_mw_21-57_noint&bid=BID&subid=2hf5i5.33b.123ji
IP
104.21.75.19 · Cloudflare, Inc.
Location
Toronto, Canada
Domain Age
74 days
HTTP
200 · 17.0s
SSL
Valid· WE1, Google Trust Services, US
Status
COMPLETED
Domain Intelligence: app-loader-suite.com
Scanned 3 times since Feb 17, 2026, 09:38 AM UTC
✗ Critical (100)
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Swyftx
Vendors
1/1
Status
completed
✓ drweb
Registered-domain escalation suggested
Suggested nowSubmit app-loader-suite.com as the primary IOC, enriched with evidence from hostile subdomains like svyftx.app-loader-suite.com.
2 hostile subdomains across 3 completed scans were observed under this registered domain. Recent hosts: svyftx.app-loader-suite.com, coinspot.app-loader-suite.com.
KB/IOK Matches (1)—
swyftx-clone-kit
swyftx-clone-kit
Directives: skipAi, skipUnblocker, skipMobileVariant
Swyftx
Credential Phishingfinance | cryptocurrency | technology | ecommerce · 4/5/2026
Summary
This site presents Swyftx branding and page title on a non-official domain svyftx.app-loader-suite.com. The page title explicitly references Swyftx, while the domain is not the legitimate Swyftx domain, indicating impersonation. The page uses SPA-like behavior with external analytics scripts and an embedded chat widget, suggesting credential collection through dynamically rendered forms.
Attack Techniques (5)
Typosquatted/brand-matched domain on a non-official domain (svyftx.app-loader-suite.com) impersonating SwyftxSPA/JS-rendered credential capture: static HTML contains no forms but multiple external JS bundles likely rendering forms at runtimeBrand assets and logos loaded from the impersonated domain paths (logo-ulcveZNW.svg, assets/*) to mimic Swyftx brandingNetwork requests to PostHog analytics and other tracking endpoints to exfiltrate dataIframes/widget integration (chatwoot) potentially used to harvest credentials within a cloned UI
Indicators of Compromise (5)
▸Domain: svyftx.app-loader-suite.com (impersonation of Swyftx)
▸Page title: Swyftx: Crypto Exchange, Buy & Sell Crypto
▸Assets loaded: /assets/logo-ulcveZNW.svg, index-DYk4ZIO9.js, logo assets that mimic Swyftx branding
▸External scripts from posthog.com for analytics/tracking
▸IFrame: chatwoot.app-loader-suite.com/widget?website_token=K2y2jUGPdvtY5Nun4MGBtrkW
Risk AssessmentUsed in abuse reports
Scanner observed a Swyftx-branded page served from svyftx.app-loader-suite.com with a recently created SSL certificate (valid Feb–May 2026) and a domain age of 74 days, which is suspicious for impersonation. The static HTML contains no forms, but SPA-style scripts indicate credential capture could occur after runtime rendering. The page loads multiple analytics and tracking endpoints, and includes an embedded chat widget, all of which are consistent with phishing infrastructure designed to harvest user data while masking the true domain. Given the strong brand impersonation signals (title and logos) on a non-official domain, this is high-confidence credential phishing intended to mimic Swyftx and collect user data.
Recommended Action
Monitor
Cross-Reference8
URL Intelligence
Domain Intelligence
IP Intelligence
Public threat feed available — JSON API