69352574.xyz

https://69352574.xyz/lfyli7ns

104.21.83.211 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

0 days ⚠

HTTP

200 · 31.3s

SSL

Valid· E7, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Jedna chwila..."

Save

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Unknown

Credential Phishing

finance | technology | ecommerce | cryptocurrency | other · 4/5/2026

Summary

This site at 69352574.xyz is attempting credential collection, likely via a SPA-rendered form embedded in JavaScript. The page title Jedna chwila... is generic and does not reveal a specific brand, but the domain is a new, suspicious .xyz host behind Cloudflare, with active JS assets and a POST to a rum endpoint, indicating data exfiltration potential. Visual branding in the screenshot cannot be confirmed as any legitimate brand, and no static login form is present in the initial HTML, consistent with a SPA designed to render credentials at runtime.

Attack Techniques (5)

New, suspicious domain (0 days age) used for impersonationSingle-Page Application (SPA) style page with dynamic credential capture via external JS bundlesExternal script loading (jquery, axios) and beacon; potential hidden form rendering at runtimePOST to /cdn-cgi/rum? suggesting interaction with a script-based tracking/feedback endpointSSL certificate issued by Let's Encrypt to a new domain; Cloudflare fronting traffic

Indicators of Compromise (6)

▸Domain: 69352574.xyz (new, high-risk domain age 0 days)

▸SSL: Let's Encrypt cert issued recently for 69352574.xyz

▸Network: POST to https://69352574.xyz/cdn-cgi/rum? (204) indicating data or beacon submission

▸Network: GET/POST requests to generic CDN/JS assets and beacon script from Cloudflarejs and Google CDN

▸No static login form in HTML; SPA-rendered forms likely via loaded JS bundles

▸Final URL and path contain no explicit brand name, but the page title is non-brand generic

Risk AssessmentUsed in abuse reports

The domain 69352574.xyz is a newly registered host behind Cloudflare, with a Let's Encrypt SSL certificate and SPA-style delivery that is commonly used for credential harvesting. The page shows no static forms in HTML, but the presence of external JS bundles and a POST beacon endpoint suggests runtime credential capture. The combination of a new, suspicious domain, non-brand page title, and network activity designed to collect user input constitutes a high-risk phishing attempt intended to impersonate legitimate services. Recommend immediate containment actions and further investigate domain ownership and hosting providers.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence