app-flow-network.com

https://app-flow-network.com/lqxxw?utm_campaign=VG_2770547209948392_0403_LAND213.1_1-1-1_1&fbid=1505961980967484&utm_content=17coinspot1en&cid=1_AU_701_2760_mj_DwInCu&bid=BID&subid=2hf5i5.374.12sck

104.21.21.97 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

49 days

HTTP

200 · 16.9s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "CoinSpot"

Save

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (1)—

coinspot-clone-kit

high

Directives: skipAi, skipUnblocker, skipMobileVariant

CoinSpot

Credential Phishing

finance | cryptocurrency | ecommerce · 4/5/2026

Summary

The page at app-flow-network.com presents CoinSpot branding (CoinSpot page title, logos, and UI elements) but the domain is not CoinSpot. This indicates impersonation to harvest credentials or perform fraudulent engagement. The SPA-like structure loads CoinSpot assets and a large CoinSpot-branded hero, while the domain age is 49 days and the SSL cert is valid but issued to the same domain, suggesting deception rather than legitimate hosting. Visuals in the screenshot show CoinSpot branding, including a large logo and messaging about earning XRP, which could mislead victims into entering credentials or personal data on a spoofed site.

Attack Techniques (5)

Typosquatting/brand impersonation evidenced by page title CoinSpot on a non-official domainCloned SPA with dynamic credential capture logic loaded via multiple external JS bundlesBrand logos/assets loaded from brand-like paths (logo-DsXr1j0B.svg, big-logo-DvGZqmBj.svg) to mimic CoinSpotUse of PostHog analytics and other tracking scripts to capture user interactionsWAF/BOT evasion signals implied by external script loading and SPA structure

Indicators of Compromise (6)

▸DOMAIN: app-flow-network.com (not CoinSpot domain)

▸PAGE TITLE: CoinSpot

▸External asset paths mimicking CoinSpot branding (/logo-DsXr1j0B.svg, /assets/logo-DsXr1j0B.svg, big-logo-DvGZqmBj.svg)

▸Analytics scripts loading from posthog.com and cloudflare insights, indicating data collection

▸Iframes to chatwoot widget from chatwoot.app-flow-network.com

▸SSL certificate valid for app-flow-network.com but domain age 49 days

Risk AssessmentUsed in abuse reports

Scanner detected a high risk phishing setup. The page is impersonating CoinSpot on a non-official domain (title and visible branding align with CoinSpot), suggesting credential harvesting or fraudulent activity. The site loads numerous analytics/scripts and uses SPA delivery, indicating the intent to capture user interactions and potentially credentials. The domain is newly registered (49 days) with a Cloudflare hosting setup, and the presence of the CoinSpot branding without being on CoinSpot's official domain strongly supports impersonation and abuse potential. This warrants urgent takedown measures and domain hosting suspension to prevent user credential theft.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence