mass.report
Scan Intelligence Report0/100
critical Risk
coinspot.system-apps-updates.com
https://coinspot.system-apps-updates.com/zecdz?utm_campaign=VG_2770547209948392_0203_LAND213.1_1-1-1&fbid=1505961980967484&utm_content=17coinspot1en&cid=1_AU_701_2760_mj_DwInCu&bid=BID&subid=2hf5i5.349.11k67
IP
104.21.36.215 · Cloudflare, Inc.
Location
Toronto, Canada
Domain Age
76 days
HTTP
200 · 64.0s
SSL
Valid· WE1, Google Trust Services, US
Status
COMPLETED
Domain Intelligence: system-apps-updates.com
Scanned 2 times since Mar 3, 2026, 02:06 AM UTC
✗ Critical (100)
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
CoinSpot
Vendors
26/27
Status
partial
✓ brightcloud✓ avg✓ emsisoft✓ norton✓ eset✓ microsoft✓ avast✓ google✓ bitdefender✓ sophos✓ yandex✓ apple✓ apwg✓ openphish✓ cisa✓ urlquery✓ netcraft✓ spamhaus✓ urlscan✓ phishreport✓ phishtank✓ virustotal✓ urlabuse✓ threatyeti✓ mcafee✓ fortiguard✗ kaspersky
Registered-domain escalation
Submit system-apps-updates.com as the primary IOC, enriched with evidence from hostile subdomains like coinspot.system-apps-updates.com.
KB/IOK Matches (0)—
No KB/IOK detections were recorded for this scan.
CoinSpot
Credential Phishingcryptocurrency | finance | technology · 4/5/2026
Summary
This page at coinspot.system-apps-updates.com impersonates CoinSpot by including CoinSpot in the domain name and displaying UI elements resembling a branded CoinSpot experience. The site is a SPA-like page that loads brand assets and styling, but the domain does not belong to CoinSpot and the page content imitates a cryptocurrency exchange login/credential capture flow. The SSL cert is valid but issued to system-apps-updates.com, not CoinSpot, and the domain age is recent (76 days).
Attack Techniques (5)
Typosquat/brand-embedded domain impersonation (coinspot.system-apps-updates.com)Cloned SPA with brand-themed UI and assets loaded from site-controlled domainsBrand logos/assets loaded via external script and image endpoints to mimic CoinSpotSingle-Page Application (SPA) rendering credential capture elements client-sideSSL certificate issued to a different parent domain, while presenting CoinSpot branding
Indicators of Compromise (5)
▸DOMAIN IOC: coinspot.system-apps-updates.com
▸NETWORK IOC: assets and fonts hosted under coinspot.system-apps-updates.com (img/*, styles.css)
▸External script: https://static.cloudflareinsights.com/beacon.min.js/v67327c56f0bb4ef8b305cae61679db8f1769101564043
▸POST requests to /cdn-cgi/rum? (likely tracking or exfiltration) with 204 status
▸SSL Subject CN: system-apps-updates.com (not CoinSpot)
Risk AssessmentUsed in abuse reports
scanner detected domain impersonation signals with CoinSpot branding on a nonCoinSpot domain. The page uses SPA techniques to render a credential-capture UI while delivering CoinSpot-like visuals. The certificate is valid but issued to system-apps-updates.com, and the domain age (76 days) is suspicious for impersonation activity. Combined with multiple POST requests to a CDN rum endpoint, this is a high risk phishing landing designed to harvest credentials. Action should be taken promptly to block and suspend hosting for the impersonating domain and to alert CoinSpot abuse channels.
Recommended Action
Suspend Domain
Cross-Reference8
URL Intelligence
Domain Intelligence
IP Intelligence
Public threat feed available — JSON API