coin.promo548.com

http://coin.promo548.com/lrnlb?utm_campaign=FAST_1396_CB+GB_NEW+01&utm_content=en-123&cid=2&fbid=743582632168058&utm_medium=paid&utm_source=fb&utm_id=120239585297240495&utm_term=120239585624490495

172.67.159.75 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

46 days

HTTP

200 · 19.8s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Achieve Your Goals | Professional Platform"

Save

Registered-domain escalation

Submit promo548.com as the primary IOC, enriched with evidence from hostile subdomains like coin.promo548.com.

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

SuccessPro

Credential Phishing

Technology · 4/5/2026

Summary

The page displays a branding consistent with a platform called SuccessPro, evidenced by the page title Achieve Your Goals and the header logo text 'SuccessPro'. The domain coin.promo548.com does not belong to SuccessPro and the HTML source shows a generic SPA shell with a logo text 'SuccessPro' but no official domain. The site loads external scripts from coin.promo548.com and uses Cloudflare, with a new SSL cert issued to promo548.com. This indicates a credential collection attempt hosted under a typosquor-like domain impersonating SuccessPro and rendering a dynamic login/credential capture flow via JavaScript.

Attack Techniques (5)

Typosquatting/brand impersonation using a non-official domain (coin.promo548.com) while the UI mirrors SuccessPro brandingSingle-Page Application (SPA) delivering credential capture via dynamically rendered forms in JavaScript bundlesBrand assets loaded from attacker-controlled domain (script.js on coin.promo548.com)OAuth/credential harvesting pattern suggested by POST to /cdn-cgi/rum? and beacon loadingWAF/CDN usage (Cloudflare) to evade automated scanners while serving the phishing content

Indicators of Compromise (7)

▸DOMAIN: coin.promo548.com (suspect IOCs)

▸Page title and visual branding: 'Achieve Your Goals | Professional Platform' and 'SuccessPro' logo text in header

▸External script sources: http://coin.promo548.com/script.js (brand-cloning host), https://static.cloudflareinsights.com/beacon.min.js/...

▸Network: POST to http://coin.promo548.com/cdn-cgi/rum? (204), unusual analytics/rum endpoints

▸SSL certificate: Subject CN promo548.com, new cert valid Jan-Apr 2026 (46 days old domain age)

▸No static HTML forms; SPA indicates credential capture via JavaScript

▸Beacon/analytics scripts loaded to track visitor interactions

Risk AssessmentUsed in abuse reports

High risk of credential harvesting impersonation. The domain is newly registered (46 days) and hosts a phish-like clone of the SuccessPro UI, with the page title and header indicating SuccessPro branding while the content is served from coin.promo548.com. The static HTML contains no forms, but the SPA likely renders and captures credentials through JavaScript bundles loaded from the attacker domain. The SSL certificate is issued to promo548.com, and the domain has Cloudflare infrastructure, but appreciable indicators show deliberate impersonation and data exfiltration potential. This warrants immediate action and takedown on abuse channels; suspend_domain and block_url should be considered, given the host and IOCs.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence