coinspot.digital-user-app.com

https://coinspot.digital-user-app.com/crhrm?utm_campaign=YP_C_2106807360071248_0603_Reg213.1_ul_1-2-3&fbid=1439588421283326&utm_content=19cp4en&cid=1_Reg_701_AU_2155_M_int_NC&bid=BID&subid=2hf5i5.19b.143se

172.67.207.250 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

85 days

HTTP

200 · 21.1s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Screenshot of coinspot.digital-user-app.com

Zoom

Title: "Australian Crypto & Bitcoin Exchange, Crypto Trading | CoinSpot"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

CoinSpot

Vendors

1/1

Status

completed

✓ polyswarm

Registered-domain escalation

Submit digital-user-app.com as the primary IOC, enriched with evidence from hostile subdomains like coinspot.digital-user-app.com.

KB/IOK Matches (1)—

coinspot-clone-kit

high

Directives: skipAi, skipUnblocker, skipMobileVariant

CoinSpot

Credential Phishing

finance | cryptocurrency | ecommerce · 4/5/2026

Summary

The page impersonates CoinSpot, presenting a CoinSpot-brand page on a domain that includes the CoinSpot name but is not the officialCoinSpot domain. The page title explicitly references CoinSpot, and multiple CoinSpot assets (logo, navigation labels) appear in the static HTML and embedded assets. The host is coinspot.digital-user-app.com, which is a subdomain under digital-user-app.com, and the SSL cert is valid but issued to a different domain. The page uses SPA-style loading with dynamic credential capture likely via external JS bundles and a high volume of external tracking/analytics scripts, suggesting credential harvesting mechanics. This strongly indicates a typosquash impersonation or domain abuse intended to capture user credentials while visually mimicking CoinSpot.

Attack Techniques (6)

Typosquat/brand-domain mismatch: domain contains 'coinspot' but is not the official coinspot.com domainCloned SPA rendering login/credential capture via JavaScript bundles (index-BeqPfQIr.js) despite no static form in HTMLBrand assets (logo-B3_PD0ka.svg, logo/branding) and page content mirrored to CoinSpotExternal analytics/telemetry loading from PostHog and Cloudflare, indicating data exfiltration/tracking for victimsSSL certificate issued for digital-user-app.com with CoinSpot branding signals impersonation; domain age (85 days) and recent registration raise riskIframes and third-party chat widget (chatwoot) loaded, potentially used for credential collection or social engineering

Indicators of Compromise (6)

▸Domain: coinspot.digital-user-app.com (contains 'coinspot' but not official CoinSpot domain)

▸Page title and visual branding: 'Australian Crypto & Bitcoin Exchange, Crypto Trading | CoinSpot'

▸Static HTML contains no forms; SPA likely renders credential capture via assets/index-BeqPfQIr.js

▸External assets: index-BeqPfQIr.js, analytics-bundle.js, logo-B3_PD0ka.svg, multiple CoinSpot assets

▸Iframes to chatwoot and PostHog analytics endpoints; PostHog endpoints for event beacons

▸SSL cert subject: digital-user-app.com (not coinspot.com); issuer Google Trust Services

Risk AssessmentUsed in abuse reports

Scanner analysis indicates deliberate impersonation of CoinSpot on a domain that falsely bears CoinSpot branding. The page uses a SPA architecture with dynamic credential capture logic embedded in external JS bundles, and loads multiple brand-specific assets to deceive victims. The domain is newly registered (85 days) and hosted behind Cloudflare, with a valid SSL certificate issued to digital-user-app.com, which compounds legitimacy concerns. The combination of brand in domain, brand in page title, and behavior suggest high risk of credential harvesting targeting CoinSpot users; immediate action recommended to disable hosting and registrar suspension to prevent victim exposure.

Recommended Action

Suspend Domain

Cross-Reference9

URL Intelligence