swyftx.workspace-app-lab.com

https://swyftx.workspace-app-lab.com/wslus?utm_campaign=JQ_669689246230011_2402_Land374.1_abo_rem_1-3-2&fbid=1213981274182747&utm_content=17swftx150xrp1en_+17swftx150xrp3en&cid=2_Pur_701_NzAuC_2554_M&bid=BID&subid=2hf5i5.2fa.v3cq

104.21.57.176 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

41 days

HTTP

200 · 22.3s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Screenshot of swyftx.workspace-app-lab.com

Zoom

Title: "Swyftx: Crypto Exchange, Buy & Sell Crypto"

Save

Registered-domain escalation

Submit workspace-app-lab.com as the primary IOC, enriched with evidence from hostile subdomains like swyftx.workspace-app-lab.com.

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Swyftx

Credential Phishing

finance | cryptocurrency · 4/5/2026

Summary

This page presents Swyftx branding and a Swyftx page title, but the domain is swyftx.workspace-app-lab.com, a non-official subdomain that impersonates Swyftx. The SPA loads Swyftx-like assets and a logo, and the page appears to render a credential capture flow via dynamic JavaScript despite no static forms in the initial HTML. The domain similarity and visual impersonation strongly indicate a typosquat clone aiming to harvest credentials.

Attack Techniques (5)

Brand impersonation via domain containing the target brand (swyftx.workspace-app-lab.com)Cloned SPA with dynamic credential capture (0 static forms, forms rendered by JS bundles)Loading brand-like assets and logos from the impersonated brand path (assets/logo-*.svg) and Swyftx-like UIExternal tracking/analytics scripts (PostHog, Google Tag Manager) to obfuscate data exfiltrationSuspicious new domain (41 days old) with Cloudflare hosting and SPA behavior

Indicators of Compromise (6)

▸Domain: swyftx.workspace-app-lab.com (IOCs: domain contains 'swyftx')

▸Page title: 'Swyftx: Crypto Exchange, Buy & Sell Crypto' matching the impersonated brand

▸External script references to Swyftx-like assets: assets/index-DYk4ZIO9.js, assets/logo-ulcveZNW.svg, etc.

▸Iframes linking to chatwoot on workspace-app-lab.com indicating this domain hosts multiple components

▸SSL cert: issued to workspace-app-lab.com (Google Trust Services) with still-valid period

▸Domain age: 41 days, recently registered

Risk AssessmentUsed in abuse reports

Scanner analyzed domain intelligence and page content shows strong brand impersonation of Swyftx. The site uses a SPA architecture with dynamic credential capture likely rendered by JavaScript bundles, and loads legitimate-looking Swyftx assets to increase trust. The domain is not the official Swyftx domain, despite the page title and UI mirroring Swyftx, which constitutes credential phishing. Given the combination of brand similarity, SPA rendering, new domain, and hosted assets, this site represents a high-risk phishing attempt intended to harvest user credentials.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence